Internal e-mails at Microsoft have revealed that it failed to patch systems running SQL against a vulnerability it had urged customers to patch, leaving it vulnerable to attack over the weekend by the Slammer worm that caused widespread infections.

Six months earlier, Microsoft had warned of this vulnerability and provided patches to its customers. But by 10pm on Sunday, it was obvious they had failed to take their own advice as servers became clogged with traffic, and services began to crawl.

Chief information officer for MS said; "We are not sure how the virus got into our network, it just takes one machine to get going" and "We are working hard to make patch management easier. But 100% is a high bar and in this case we are not there".


http://news.com.com/2100-1001-982305.html?tag=cd_mh

I was reading about this on the net. What I find strange is that many blame Microsoft for what happened, but they do not blame the users/admis for not patching their systems/networks. I mean, really, you have a bug out there for more than 7 months and a patch for it, and you don't update your system ? And then you blame Microsoft ?

Microsoft's products may be filled with bugs and holes, but this was the mistake of the users/admins. They didn't kept their computers up to date.

Just shows you that they don't hold enough faith in their own programming.