A first person account at Threatpost by David Litchfield, who discovered the vulnerability which was later exploited.

Looking at my phone, I excused myself from the table and took the call; it was my brother.

“David, it’s happened! Someone’s released a worm.”

“Worm? Worm for what?”

“Your SQL bug”

My stomach dropped. Telling Mark I’d call him back later I rejoined the table. Someone, I can’t remember who, asked if everything was alright. “Not really,” I replied, “I think there’s going to be trouble.”

Microsoft was going down the security path before this, but it clearly helped reinforce their direction and paid massive dividends on SQL Server itself.

The first major flaw to be found in SQL Server 2005 came over 3 years after its release – a heap overflow found by Brett Moore, triggered by opening a corrupted backup file with the RESTORE TSQL command. So far SQL Server 2008 has had zero issues. Not bad at all for a company long considered the whipping boy of the security world.

Oracle would prefer you not read that paragraph.