W32.SASSER WORM RELATING TO MS04-011 SECURITY ALERT

  • From: "Mark Fugatt" <mark@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 2 May 2004 13:52:15 -0400

FYI:

-  Earlier today a second version of SASSER was released.  This version was
also analyzed, and while it spreads differently, it too drops no damaging
payload.
 
-  Microsoft has developed a cleanup tool for W32.Sasser.worm.  You will
find this removal tool at
http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
and the corresponding Knowledge Base article KB841720 at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720.  This tool
exists for customers infected with Sasser.  Microsoft strongly encourages
you to apply MS04-011 as soon as possible.


On April 30th, Microsoft was made aware that a worm identified as
"W32.Sasser.worm" is currently circulating on the Internet.  The worm
exploits the Local Security Authority Subsystem Service (LSASS)
vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004.
You or someone in your organization has likely received the Bulletin
detailing these security updates. As a valued customer, we are contacting
you again so you have the information and resources you need to help address
any security issues that may arise.  If you or your customers are still
evaluating or testing these updates, we strongly recommend that you expedite
your review and deployment of these updates.
For the latest information please go to
http://www.microsoft.com/security.  

Microsoft Product Support Alert Details:

-  Microsoft has been made aware of a worm identified as "W32.Sasser.worm"
and it is currently circulating on the Internet.  The worm exploits the
Local Security Authority Subsystem Service (LSASS) vulnerability fixed in
Microsoft Security Update MS04-011 on April 13, 2004.

-  Microsoft encourages customers to protect themselves against this worm by
installing Microsoft Security Bulletin MS04-011
<www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.

-  Customers who have enabled the Windows XP Firewall are protected from the
vector this worm attacks, which is TCP Port 139.  Most third party firewalls
also block this attack vector by default.

If you have any questions regarding the security updates or their
implementation after reading the above listed bulletin, you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338).  International customers should contact their local
subsidiary.

Thank you,
Microsoft PSS Security Team

Mark Fugatt
MCSE, MCT, Microsoft Exchange MVP
Pentech Office Solutions Inc
Rochester, NY
Tel: 585 586 3890
Cell: 585 576 4750
http://www.4mcts.com
http://www.exchangetrainer.com



