Microsoft issues Sasser worm patch

Link: Viruses wreak havoc on business

Microsoft customers are being urged to update their patches to protect against a family of internet worms that are spreading fast by exploiting a vulnerability in the Windows operating system.

The Sasser worms exploit the Windows ‘Local Security Authority Subsystem Service’ (LSASS) flaw, which Microsoft recently advised on. Four variants of the worm have been reported since 1 May.

Security software firm McAfee warned systems are especially at danger, as the virus does not spread via email and no user action is required to propagate it further, anti-virus companies have warned. It simply instructs vulnerable systems to download and execute its viral code.

‘Computers which are not properly protected with anti-virus updates, firewalls and Microsoft’s security patch are asking for trouble,’ added Graham Cluley, senior technology consultant at anti-virus firm Sophos in a statement. Sophos said it has received many reports of this worm in the wild.

Panda Software’s Luis Corrons also said that Sasser looked a virulent worm. ‘All these signs make for a dark forecast for the beginning of the week when it is expected that the number of incidents will soar at the beginning of the work day,’ he said in a statement.

The worm scans random IP addresses for vulnerable systems. When a vulnerable system is found, the worm sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash, and essentially the infected system to crash, requiring Windows to reboot.

‘More infections can lead to increased network traffic and result in severe network slowdowns, like an internal denial-of-service,’ said Joe Hartmann, senior virus researcher and analyst for Trend Micro.

The worm affects Windows 95, 98, ME, NT, 2000 and XP platforms. Customers are recommended to apply the necessary vulnerability patches available from Microsoft to address the LSASS vulnerability.

The Microsoft patch can be found at

Related reading

HMRC banknotes