Another related story....
This weekend's attack should be seen as a serious wake-up call for system administrators who have been lax in patching their systems and should serve to increase awareness about the importance of system security. -Ed
In the largest such incident since the Code Red and Nimda worms swamped servers in 2001, the Sapphire worm--also known as Slammer and SQLExp--infected more than 120,000 computers and caused chaos within many corporate networks. Some Internet service providers in Asia were overwhelmed.
The small but malicious program rapidly exploited a six-month-old flaw in Microsoft SQL servers, underscoring a dirty secret in the IT industry: software bugs are common and administrators are slow to fix even widely publicized problems, said Johannes Ullrich, director of the security information site Incidents.org.
"Companies should have been ready for (the worm)," he said. "That patch should have been applied--it's six months old now."
News source: C|Net