Tuesday, December 23, 2008

Another MS SQL 0-day exploit itw: Microsoft SQL Server sp_replwritetovarbin (thanks God it wont be another slammer)

3 years after slammer, probably the fastest spreading worm ever, caused mayhem, a zero-day ms-sql exploit is out there in the wild...

Microsoft Security Advisory (961040)

Anyone who have seen slammer in action wont never forget how powerful that worm is. Curious enough, more than 2 years later, in 2007 while I was helping the guys who manage one of Italy's biggest data center, the IPS there keep on detecting slammer 376-bytes packets.

I don’t think another ms sql will cause same spearding power as slammer, as these days, only ignorant people will leave UDP port 1434 open...


PS: the identity of slammer's author was never discovered, as the patient 0...



Post a Comment

Subscribe to Post Comments [Atom]

<< Home