May 2004

Sasser Worm

On April 30th, a new worm, Sasser, was released into the wild. This exploits a buffer overflow vulnerability in LSASS and works by scanning the internet for vulnerable PCs and infecting them directly. You don't have to open an email or visit a web site to get infected. Microsoft released a critical update to patch this vulnerability on April 23th, which can be got from Security Bulletin MS04-011 or Windows Update.

After applying the patch, reboot and disinfect your PC with McAfee's Stinger.

The Internet Storm Centre says this about Sasser.

Earlier in this weblog I gave details about patching to prevent the MS-Blaster Worm infecting your PC. There's an updated RPC patch available at MS04-012 (or from Windows Update).

The time to patch is now, not tomorrow, or next week, so get patching.

Microsoft releases its security updates on the second Tuesday of the month, in the early evening GMT. So the second Wednesday of the month is a good time to do your patching.