J
Jerry Bryant [MSFT]
UPDATE (05/04/2004):
- This alert is being updated to advise you of an update to Microsoft
Security Bulletin MS04-011. This update details additional workaround steps
which customers can take to protect against the LSASS vulnerability
(CAN-2003-0533). This is the vulnerability which is exploited by the Sasser
worm and its variants. Customers who have not yet deployed the security
update for MS04-011 can evaluate implementing this new workaround to protect
against the Sasser worm and its variants.
- In addition, Microsoft has updated the cleanup tool for W32.Sasser.worm
to remove the C and D variants of the Sasser worm. The Sasser removal tool
now removes Sasser A, B, C and D. The updated removal tool is located at
http://www.microsoft.com/downloads/...B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
and is documented in Knowledge Base article KB841720
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720.
What is this alert?
- Microsoft has been made aware of a worm identified as "W32.Sasser.worm"
and it is currently circulating on the Internet. The worm exploits the
Local Security Authority Subsystem Service (LSASS) vulnerability fixed in
Microsoft Security Update MS04-011 on April 13, 2004.
- Microsoft encourages customers to protect themselves against this worm by
installing Microsoft Security Bulletin MS04-011
<www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.
- Customers who have enabled the Windows XP Firewall are protected from the
vector this worm attacks, which is TCP Port 139. Most third party firewalls
also block this attack vector by default.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
- This alert is being updated to advise you of an update to Microsoft
Security Bulletin MS04-011. This update details additional workaround steps
which customers can take to protect against the LSASS vulnerability
(CAN-2003-0533). This is the vulnerability which is exploited by the Sasser
worm and its variants. Customers who have not yet deployed the security
update for MS04-011 can evaluate implementing this new workaround to protect
against the Sasser worm and its variants.
- In addition, Microsoft has updated the cleanup tool for W32.Sasser.worm
to remove the C and D variants of the Sasser worm. The Sasser removal tool
now removes Sasser A, B, C and D. The updated removal tool is located at
http://www.microsoft.com/downloads/...B6B-4FC3-90D4-9FA42D14CC17&displaylang=en
and is documented in Knowledge Base article KB841720
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720.
What is this alert?
- Microsoft has been made aware of a worm identified as "W32.Sasser.worm"
and it is currently circulating on the Internet. The worm exploits the
Local Security Authority Subsystem Service (LSASS) vulnerability fixed in
Microsoft Security Update MS04-011 on April 13, 2004.
- Microsoft encourages customers to protect themselves against this worm by
installing Microsoft Security Bulletin MS04-011
<www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.
- Customers who have enabled the Windows XP Firewall are protected from the
vector this worm attacks, which is TCP Port 139. Most third party firewalls
also block this attack vector by default.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
