UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011
From: Jerry Bryant [MSFT] (jbryant_at_online.microsoft.com)
Date: 05/05/04
- Next message: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Previous message: Bill Frisbee [MVP]: "Re: Server 2003 and Mac OS X"
- Next in thread: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Reply: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 May 2004 17:36:23 -0700
UPDATE (05/04/2004):
- This alert is being updated to advise you of an update to Microsoft
Security Bulletin MS04-011. This update details additional workaround steps
which customers can take to protect against the LSASS vulnerability
(CAN-2003-0533). This is the vulnerability which is exploited by the Sasser
worm and its variants. Customers who have not yet deployed the security
update for MS04-011 can evaluate implementing this new workaround to protect
against the Sasser worm and its variants.
- In addition, Microsoft has updated the cleanup tool for W32.Sasser.worm
to remove the C and D variants of the Sasser worm. The Sasser removal tool
now removes Sasser A, B, C and D. The updated removal tool is located at
http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
and is documented in Knowledge Base article KB841720
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720.
What is this alert?
- Microsoft has been made aware of a worm identified as "W32.Sasser.worm"
and it is currently circulating on the Internet. The worm exploits the
Local Security Authority Subsystem Service (LSASS) vulnerability fixed in
Microsoft Security Update MS04-011 on April 13, 2004.
- Microsoft encourages customers to protect themselves against this worm by
installing Microsoft Security Bulletin MS04-011
<www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.
- Customers who have enabled the Windows XP Firewall are protected from the
vector this worm attacks, which is TCP Port 139. Most third party firewalls
also block this attack vector by default.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team
-- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Previous message: Bill Frisbee [MVP]: "Re: Server 2003 and Mac OS X"
- Next in thread: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Reply: Crusty \(-: Old B_at_stard :-\): "Re: UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
