Microsoft products may not be alone in contributing to the spread of the SQL Slammer worm, security researchers said on Wednesday.
Other companies also make products containing the Microsoft database software that has been exploited by the worm. More than 30 products, from security scanners to backup servers, use the vulnerable Microsoft SQL Server 2000 and Microsoft SQL Desktop Edition (MDSE) 2000 software, according to a list compiled by database security site SQLSecurity.com.
"In most cases, it is probably a reduced danger," said Chip Andrews, an independent security consultant and the Web master for SQLSecurity.com. "If you have MSDE installed on an application, it's powerful. So you have to make sure to secure it."
Last weekend, many corporate networks slowed to a crawl after a fast-spreading computer worm infected database servers running vulnerable Microsoft software. While the Redmond, Wash.-based company had issued a patch for the flaw six months earlier, more than 200,000 computers and information appliances were still not patched at the time of the attack and became infected, according to the latest estimates from security information site Incidents.org.
News source: c|net