Code Red Worm - Importance of Swiftly Eliminating Vulnerability

Hundreds of thousands of computers and network devices have been affected by three malicious programs unleashed through the Internet. Network latency and DoS attacks affected users throughout the world. System administrators, security professionals, and users spent an enormous amount of time in reaction to this threat. There remains an unknown number of servers operating with a wide-open back door, waiting for an intruder to stumble upon it. Lists of vulnerable servers are scattered throughout the globe in various logs and scan lists, offering tempting information to Black Hats, crackers and script kiddies. All of this because a patch was not applied. Patching a vulnerable system takes only a few minutes and a reboot, so why were these system not patched? The answer has many parts: the OS should not have been vulnerable in the first place; many users never realized they were vulnerable; the shear volume of vulnerabilities & security bulletins every month; lack of education of users; and understaffed & overworked system administrators. This is no excuse. We as security professionals have an obligation to mitigate the risk of having a world with interconnected computers.