Sasser Worm Exploits MS04-011 Vulnerability

    by  • May 1, 2004 • Blog

    On April 13 Microsoft released their security bulletins for the month of April. The first one, MS04-011, was a security roll-up package which identified a number of new vulnerabilities and included the fixes for these new vulnerabilities as well as many old vulnerabilities.

    By exploiting a buffer overflow vulnerability in LSASS.exe (Local Security Authority Server Service), a Windows process which handles local security functions, the Sasser worm is able to spread from vulnerable machine to vulnerable machine without requiring any user interaction or intervention.

    According to antivirus firm Network Associates, a side effect of being infected is that LSASS.exe will crash, resulting in a forced system reboot on most systems.

    Infected machines will attempt to scan different IP address ranges searching for other vulnerable systems to infect and will open TCP ports 5554 and 9996.
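One way to look for the two behaviours described above in connection logs, as an added example that is not part of the original post: it flags hosts that accept TCP connections on 5554 or 9996 and hosts that contact many distinct addresses. The log format, the fan-out threshold and the names `find_suspects` and `parse_line` are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

SASSER_PORTS = {5554, 9996}  # TCP ports the post says infected machines open
FANOUT_THRESHOLD = 5         # assumed cut-off for "scanning"; tune per network

# Constructed sample in an assumed format:
# <time> <src_ip>:<port> -> <dst_ip>:<port> <proto> <action>
SAMPLE_LOG = """\
2004-05-01T10:00:01 10.0.0.7:1025 -> 192.0.2.10:445 TCP DENY
2004-05-01T10:00:01 10.0.0.7:1026 -> 192.0.2.11:445 TCP DENY
2004-05-01T10:00:02 10.0.0.7:1027 -> 198.51.100.4:445 TCP DENY
2004-05-01T10:00:02 10.0.0.7:1028 -> 198.51.100.5:445 TCP DENY
2004-05-01T10:00:03 10.0.0.7:1029 -> 203.0.113.9:445 TCP DENY
2004-05-01T10:00:04 10.0.0.9:2001 -> 10.0.0.7:5554 TCP ALLOW
2004-05-01T10:00:05 10.0.0.9:2002 -> 10.0.0.7:9996 TCP ALLOW
2004-05-01T10:00:06 10.0.0.9:2003 -> 10.0.0.12:9996 TCP DENY
2004-05-01T10:00:07 10.0.0.3:5000 -> 10.0.0.4:5554 UDP ALLOW
truncated line
"""

def parse_line(line):
    """Return (src_ip, dst_ip, dst_port, proto, action), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "->":
        return None
    try:
        src_ip = parts[1].rsplit(":", 1)[0]
        dst_ip, dst_port = parts[3].rsplit(":", 1)
        return src_ip, dst_ip, int(dst_port), parts[4].upper(), parts[5].upper()
    except ValueError:
        return None

def find_suspects(log_text, threshold=FANOUT_THRESHOLD):
    """Map each suspect host to the indicators seen for it."""
    listeners = defaultdict(set)  # host -> Sasser ports it accepted connections on
    fanout = defaultdict(set)     # host -> distinct destinations it contacted
    for rec in map(parse_line, log_text.splitlines()):
        if rec is None or rec[3] != "TCP":
            continue              # skip malformed lines and non-TCP traffic
        src, dst, port, _proto, action = rec
        fanout[src].add(dst)
        # An accepted connection on 5554/9996 means something is listening there.
        if port in SASSER_PORTS and action == "ALLOW":
            listeners[dst].add(port)
    report = {}
    for host in sorted(set(listeners) | set(fanout)):
        ports = sorted(listeners.get(host, ()))
        scanning = len(fanout.get(host, ())) >= threshold
        if ports or scanning:
            report[host] = {"listening": ports, "scanning": scanning}
    return report
```

A host that shows both indicators, like 10.0.0.7 in the sample, is the strongest candidate for isolation and patching; either indicator alone still warrants a look.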

    Antivirus vendors are already ranking this as a Medium threat, which means that it is spreading rapidly. Make sure you have your antivirus software updated and, more importantly, make sure you apply the patch for MS04-011 to your system before a new worm comes out exploiting a different vulnerability from this security bulletin.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com