A concise, formal account of how a small worm exploited a SQL Server vulnerability to cause widespread Internet disruption within minutes, and practical takeaways on patching and network hygiene
The Narrative
On 25 January 2003 the SQL Slammer worm emerged and propagated extremely rapidly by sending small UDP packets to the SQL Server Resolution Service on port 1434, causing massive traffic congestion and service disruptions across the Internet.
The worm exploited a buffer‑overflow vulnerability in Microsoft SQL Server/MSDE; its payload fit in a single 376‑byte UDP packet and used random scanning to find vulnerable hosts. The resulting surge of UDP traffic overwhelmed routers and network infrastructure, amplifying outages.
A patch for the vulnerability had been available about six months earlier, yet many systems remained unpatched; the worm infected an estimated ~75,000 hosts within ten minutes and caused cascading router failures. The incident underscores the operational necessity of timely patch management, network filtering, and proactive vulnerability scanning.