Please apply the MS04-011 patch IMMEDIATELY to protect your system against W32.Sasser worm

[Kenrick Fu]

A new MS-Blast-like worm is spreading across the Internet by exploiting the
LSASS Buffer Overrun Vulnerability, if your system is not yet patched
against this vulnerability, please download and install the critical update
IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Signs of infection:
You keep receiving the following error messages:
1. "LSA Shell (Export Version) has encountered a problem and needs to close.
We are sorry for the inconvenience."
2. Your system reboots due to the LSASS.exe error ), please use the
following steps to clean the system:

To clean the system, follow these steps:

NOTE:
If your system keeps restarting, you can abort the system shut down by:
Click Start, click Run and type "shutdown -a" (without quotations),
then click OK.

1. Download and install the critical update IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

2. Press Ctrl + Alt + Delete to bring up the Task Manager and terminate the
"avserve.exe" process, then delete the avserve.exe from C:\Windows and
restart your computer.

More information regarding this worm:
http://www.f-secure.com/v-descs/sasser.shtml
http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html

 

[Guest]

new MS-Blast-like worm is spreading across the Internet by exploiting the
LSASS Buffer Overrun Vulnerability, if your system is not yet patched
against this vulnerability, please download and install the critical update
IMMEDIATELY fro
http://www.microsoft.com/technet/security/bulletin/MS04-011.msp

 

[Micah]

Once more install the patch NOW!!

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

We don't want another MSBlast situation so get family and friends to
do so also, this has only been in the wild a few hours and I have seen
first hand a few infections already.

Micah.

 

[Brian C]

Will firewall stop it? Will virus programs the heuristic set to high
detect it? I have not got this virus

This is getting annoying with xp. You need to patch xp frequently.
I wander if sp2 beta is also effected. xp is now the most patched
system.

Brian C

On 1 May 2004 07:30:53 -0700, (e-mail address removed) (Micah) wrote:

Once more install the patch NOW!!

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

We don't want another MSBlast situation so get family and friends to
do so also, this has only been in the wild a few hours and I have seen
first hand a few infections already.

Micah.

Will firewall stop it? Will virus programs the heuristic set to high
detect it? I have not be infected with this virus at all. I am about
ready to give xp the boot to many vulnerabilities.

 

[Steve N.]

You folks REALLY should read ALL the information available. It's not
that difficult to find...

According to M$:

Firewall UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445,
and 593

All unsolicited inbound traffic on ports greater than 1024

Any other specifically configured RPC port

It's not just a winXP vulnerability, it affects Win2K and Win2K3 server
as well.

BEFORE applying this patch read this and the links to see if your system
will be affected by known issues with this patch:

http://support.microsoft.com/default.aspx?scid=kb;en-us;835732

I believe the LSASS vulnerability has been exploited for months as I've
seen and read of several instances of unexplainable problems with the
LSASS service crashing and rendering systems unbootable.

Steve