Microsoft responds to Sasser worm threat

crn.com | by Mike

Its popular operating system once more the avenue of attack for a new and dangerous Internet worm, Microsoft on Tuesday called an unscheduled technical update to assist VARs and IT pros in combating the Sasser worm threat.

Sasser doesn't arrive as an e-mail attachment. Instead, the worm actively seeks out vulnerable IP addresses and enters a system through TCP port 445, said Kevin Kean, director of Microsoft's Security Response Center, Redmond, Wash. Sasser moves through other ports, but enters and infects a new client or server solely through port 445, Kean said. Once Sasser enters a client or server, it sends a packet to produce a buffer overrun in LSASS.EXE, which causes the program to crash, then the infected system to crash, and forces a Windows reboot.
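
One way a defender could spot the scanning behaviour described above is to flag any host that contacts many distinct addresses on TCP port 445 within a short window. This is an added example, not part of the original article and not Microsoft's tooling; the log format, function names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (not real traffic): time, source, destination, protocol, dest port
SAMPLE_LOG = """\
2000-01-01T10:00:01 10.0.0.23 10.0.1.1 TCP 445
2000-01-01T10:00:02 10.0.0.23 10.0.1.2 TCP 445
2000-01-01T10:00:03 10.0.0.23 10.0.1.3 TCP 445
2000-01-01T10:00:04 10.0.0.23 10.0.1.4 TCP 445
2000-01-01T10:00:05 10.0.0.23 10.0.1.5 TCP 445
2000-01-01T10:00:06 10.0.0.23 10.0.1.6 TCP 445
2000-01-01T10:00:07 10.0.0.8 10.0.1.2 TCP 445
2000-01-01T10:05:00 10.0.0.8 10.0.1.2 TCP 445
2000-01-01T10:00:09 10.0.0.40 10.0.1.1 TCP 80
garbled line
"""

def parse_flows(text):
    """Yield (time, src, dst, proto, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, port = parts
        try:
            yield datetime.fromisoformat(ts), src, dst, proto.upper(), int(port)
        except ValueError:
            continue

def find_445_scanners(flows, window=timedelta(seconds=60), min_targets=5):
    """Return {source: peak distinct TCP/445 targets in any window} for sources at or above min_targets."""
    per_src = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        if proto == "TCP" and port == 445:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_445_scanners(parse_flows(SAMPLE_LOG)))
```

A client that repeatedly reaches one file server on port 445 (10.0.0.8 in the sample) is not flagged, because the check counts distinct destinations rather than connections.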