MS exec contacted us today - says 2nd Sasser on loose
From: Richard Lingard [link|mailto:richlin@microsoft.com|mailto:richlin@microsoft.com]
Sent: Wednesday, 5 May 2004 3:25 PM
To: abc.xyz@metcash.com
Subject: W32.SASSER WORM RELATING TO MS04-011
Dear [sent to my boss],
Please take the time to read the below security alert.
UPDATE:
- Earlier today a second version of SASSER was released. This version was also analyzed, and while it spreads differently, it too drops no damaging payload.
- Microsoft has developed a cleanup tool for W32.Sasser.worm. You will find this removal tool at [link|http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en|http://www.microsoft...mp;displaylang=en] and the corresponding Knowledge Base article KB841720 at [link|http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720|http://support.micro...d=kb;EN-US;841720]. This tool exists for customers infected with Sasser. Microsoft strongly encourages you to apply MS04-011 as soon as possible.
On April 30th, Microsoft has been made aware that a worm identified as \ufffdW32.Sasser.worm\ufffd is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004. You or someone in your organization has likely received the Bulletin detailing these security updates. As a valued customer, we are contacting you again so you have the information and resources you need to help address any security issues that may arise. If you or your customers are still evaluating or testing these updates, we strongly recommend that you expedite your review and deployment of these updates. For the latest information please go to [link|http://www.microsoft.com/security|http://www.microsoft.com/security].
Microsoft Product Support Alert Details:
- Microsoft has been made aware of a worm identified as \ufffdW32.Sasser.worm\ufffd and it is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004.
- Microsoft encourages customers to protect themselves against this worm by installing Microsoft Security Bulletin MS04-011 <www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.
- Customers who have enabled the Windows XP Firewall are protected from the vector this worm attacks, which is TCP Port 139. Most third party firewalls also block this attack vector by default.
If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
Thank you,
Richard Lingard
Corporate Account Sales
Microsoft Pty Ltd
Phone: (02) 9870 2384
Mobile: 0413 584 569
Email: richlin@microsoft.com
Edited by
dmarker
May 5, 2004, 01:51:52 AM EDT
