
Sasser Worm Anniversary & MSRC Learnings

It’s been just over a year since we experienced our last major network worm outbreak, Sasser, which exploited a vulnerability in the LSASS component of Windows in April 2004.

On the security response team at Microsoft, it is part of our process to do post-mortems after incidents or outbreaks and review how we can manage these incidents more effectively for customers. We did that after Slammer, which actually prompted the development of our Software Security Incident Response Plan; we did it exhaustively for months after Blaster; and again after Sasser.

It’s interesting to chart how much more effective we’ve become after each incident. When Blaster happened in August 2003, we were just in the implementation stages of a security incident response process – and it is fair to say that we did not have all the pieces in place yet when that worm attacked millions of customers around the world. Consequently, it took 38 long and painful days for our customers and for us before recovery. After Blaster, we spent many, many hours in post-mortem, learning how to refine our processes. We also spent many hours throughout the company drilling on our incident response process – making sure that we were prepared and able to mobilize worldwide – across product groups and subsidiaries – through all parts of the company if a significant outbreak occurs. So when Sasser broke out we fully exercised our worldwide mobilization process – paging and waking up stakeholders and account managers around the world to get critical remediation information and tools to customers immediately. Because of the improvements in our processes, time to recover for Sasser was 5 days compared to 38 days for Blaster. And of course, through our work with law enforcement – sharing our forensic analytics – we were able to assist in the arrest of the individual responsible for unleashing Sasser just 7 days after the attack.

Our response process continues to evolve and has reached a new level of maturity in the year since Sasser. We regularly review and refine it as part of our ongoing commitment – which is deeply felt by everyone on the team – to help keep customers secure.

I was pleased to read Ryan Naraine’s retrospective on the anniversary of Sasser in eWeek. I encourage folks to take a look: http://www.eweek.com/article2/0,1759,1816530,00.asp.

-Debby Fry Wilson

*This posting is provided “AS IS” with no warranties, and confers no rights.*
