Internal e-mails at Microsoft have revealed that it failed to patch systems running SQL against a vulnerability it had urged customers to patch, leaving it vulnerable to attack over the weekend by the Slammer worm that caused widespread infections.
Six months earlier, Microsoft had warned of this vulnerability and provided patches to its customers. But by 10pm on Sunday, it was obvious they had failed to take their own advice as servers became clogged with traffic, and services began to crawl.
Chief information officer for MS said; "We are not sure how the virus got into our network, it just takes one machine to get going" and "We are working hard to make patch management easier. But 100% is a high bar and in this case we are not there". http://news.com.com/2100-1001-982305.html?tag=cd_mh