-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief May 1, 2004
Microsoft LSASS Sasser Worm Propagation Synopsis: ISS X-Force has captured active samples of an automated Internet worm that propagates via the LSASS MS-RPC vulnerability documented in a previous ISS X-Force Alert (http://xforce.iss.net/xforce/alerts/id/169). Sasser is currently attempting to propagate aggressively across the Internet. Impact: A large percentage of Internet-connected desktops and servers may be vulnerable to infection by Sasser. Large infection rates on local networks may lead to network slow-downs or outages, however the current infection base is not large enough to impact network availability to any significant degree. Common network-filtering policies have limited the infection rate of Sasser. Unsuccessful exploitation attempts by this worm will cause target systems to restart unexpectedly. The impact of Sasser can be limited through implementation of proper protection measures. Protection details are included in the recommendations section of the alert. For the complete X-Force Alert, please visit: http://xforce.iss.net/xforce/alerts/id/172 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforceiss.net for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force xforceiss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQJPx8TRfJiV99eG9AQH0ygP+J/ZifNUZRRitKbQNSgcMGI8oOQMr57bN mNj99ZkE1mbkhFaI8wYTCEGWm+5LVP24Cxb0OZiK3s8N85vc0hZ8Gdz2+dF/mJTm Z4ThToZ02L45qenjs3RZyoOgkjcrXhPRTh/Yra3ExEvZNJFFOd77NPZ1SLgx3Msq Iti+MWkkQwY= =0Rwv -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
