"Companies should have been ready for (the worm)," Johannes Ullrich said. "That patch should have been applied--it's six months old now."

News: SQL worm feeds on apathy, MS flaws
In the largest such incident since the Code Red and Nimda worms swamped servers in 2001, the Sapphire worm--also known as Slammer and SQLExp--infected more than 120,000 computers and caused chaos within many corporate networks. Some Internet service providers in Asia were overwhelmed.

The small but malicious program rapidly exploited a six-month-old flaw in Microsoft SQL servers, underscoring a dirty secret in the IT industry: software bugs are common and administrators are slow to fix even widely publicized problems, said Johannes Ullrich, director of the security information site Incidents.org.
http://zdnet.com.com/2100-1105-982135.html