to the fullest extent of the law.
• As always, Microsoft continues to recommend that all customers visit www.microsoft.com/protect
to take the three key steps to protect their PCs. The three key steps are:
1. Use an Internet Firewall on all PCs and Laptops: An Internet firewall
can help prevent outsiders from getting to your computer through the
Internet. If you use Microsoft Windows® XP, enable the built-in firewall.
2. Update Your Computer: Windows includes the automatic updates feature
(Windows Update) which can automatically download the latest Microsoft
security updates. Windows 98 SE and Windows ME can be updated from
3. Use Up-to-Date Antivirus Software: Installing, configuring and
maintaining antivirus protection is absolutely essential.
Frequently asked questions
What does LSASS stand for?
Local Security Authority Subsystem Service
When was Microsoft made aware of Sasser?
Late Friday April 30th.
How do you know you’re infected?
If your computer is infected with the W32.Sasser.worm, you may see a
dialog box with an LSASS.exe error. Some customers whose computers have
been infected may not notice the presence of the worm at all, while others
who are not infected may experience problems because the worm is
attempting to attack their computer. Typical symptoms may include systems
rebooting every few minutes without user input.
Windows Server 2003 systems are not at risk from this Worm.
What does the worm do to the users system?
Our investigation is still ongoing; however the worm appears to infect a
vulnerable system then immediately seeks to infect other systems. We are
continuing our investigation to determine any further actions the worm may
seek to take.
Is there a fix available?
Yes, install MS04-011.
Are there workarounds?
Yes, there are workarounds available including implementing firewall best
practices, standard default firewall configurations and PYPC guidelines.
Additional information on workarounds can be located at the following URL:
Are there side effects of the workaround?
Side effects of the workaround can be found at the following URL: