W32.Sasser.Worm Strikes
Posted on: 05/02/2004 09:33 AM

A quick Sunday morning prompt for you to remind your family & friends whose machines you 'look after' (or you get the call when something goes wrong) to get Windows and AV patches/definitions up to date. W32.Sasser.Worm is out and appears to have similar potential to the Blaster/Lovsan exploit of last summer - taking advantage of the LSASS vulnerability for which a patch was recently released.
W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly-chosen IP addresses for vulnerable systems.
With two weeks from patch to exploit compared to Blaster's four - I wonder what will happen if the next exploit appears before a patch? With a 'B' variant already circulating, I guess we'll now be able to judge the success of Microsoft's security drive and how general security practice has improved since Blaster.

Printed from 2CPU.com (http://www.2cpu.com/contentteller.php?ct=news&action=story&page=w32sasserworm_strikes.html)