TechNet Home > TechNet Security

PSS Security Response Team Alert - Sasser Worm and Variants

Published: May 1, 2004 | Updated: January 11, 2005

SEVERITY: CRITICAL

DATE: May 1, 2004

UPDATED: January 11, 2005

PRODUCTS AFFECTED: Windows 2000, Windows XP

IMPACT OF ATTACK: Remote Execution of Code

WHAT IS IT?

The PSS Security Team is updating this alert to make customers aware of the “W32.Sasser.worm” and its variants. Currently, Microsoft is aware of the original Sasser worm and, B, C, D, E and F variants. All worms exploit the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004.

Microsoft encourages customers to protect themselves against this worm by installing Microsoft Security Bulletin MS04-011 immediately.

TECHNICAL DETAILS:

For the latest technical updates from Microsoft on the Sasser worm and its variants, view the following:

Malicious Software Encyclopedia
Details: Win32/Sasser: http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Sasser

View the on-demand version of the 9:00 AM PDT May 4, 2004 Microsoft Technical Update Webcast on the Sasser Worm:
http://go.microsoft.com/fwlink/?LinkId=28571

Please contact your Antivirus Vendor for additional details on this virus.

PSS Security Response Team


Top of pageTop of page