Laborious Updates Leave SQL Databases Unpatched | eWeek

Written by
Lisa Vaas
Feb 3, 2003

The patches that could have stopped last week's attack on Microsoft Corp. database software were so difficult to install or so poorly publicized that some of Microsoft's own database administrators failed to install them.

The Redmond, Wash., developer released patch MS02-039 last July to fix a known vulnerability in its SQL Server database and wrapped it into Service Pack 3, which shipped only days before the SQL Slammer worm struck. However, many IT departments did not install the initial patch because installation could not be scripted.

Instead, DBAs were required to manually stop each instance of the software running in their organizations, rename or remove some files, and paste the patch files into various directories in each instance, according to Eric Schultze, director of research and development at security tool maker Shavlik Technologies LLC, in Minneapolis.

Some users didn't know they needed to install the patch, particularly those using Microsoft applications that run a SQL variant called Microsoft Desktop Engine, said Schultze, a former member of Microsoft's Trustworthy Computing team.

Because of the original patch's installation difficulties, many time-strapped DBAs didn't bother with it. The primary reason that the University of Minnesota at Crookston didn't load the patch was the laborious installation, said Don Medal, director of computer services at the college. “My sense is that it's only with Service Pack 3 that it became easy to install,” Medal said.

Microsoft did release in November a patch that automatically installed itself, but it was given only to customers who contacted Product Support Services, Microsoft spokeswoman Sarah Wiley said. Microsoft officials acknowledged that some instances of SQL Server in their company were not patched. Some were left that way on purpose to test customer configurations, said Wiley, but others were not patched because of time management issues or simple oversight.

“We struggle with the same issues as the rest of the industry,” Wiley said. “Individuals make patch deployment decisions based on a variety of reasons, such as time management or simply oversight.”
