The Sasser computer worm affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. It spreads by exploiting the system through a vulnerable network port, making it very deadly since it can spread without the help of the user. However, a properly configured firewall or downloading patches from Windows Update can stop it in its tracks. The specific hole Sasser exploits is documented by Microsoft in its MS04-011 bulletin, for which a patch has been released.

The Sasser worm was first noticed and started spreading in the wild on April 30, 2004. This particular worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service) on the affected operating systems. It scans different ranges of IP addresses and connects to victims’ computers primarily through TCP port 445. It may also spread through port 139. The LSASS vulnerability was patched by Microsoft in its April 2004 installment of monthly security packages, prior to the release of the worm. There are speculations, however, that the writers of the worm reverse-engineered the patch to discover the vulnerability, which would open millions of computers whose operating system had not been upgraded with the security update.

Some products that are affected by the Sasser Worm include:

Microsoft Windows XP and Windows XP Service Pack 1
Windows 2000 Service Pack 2
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4

Some products that are not affected by the Sasser Worm include:

Windows XP 64-Bit Edition Version 2003
Windows Server™ 2003
Windows XP 64-Bit Edition Service Pack 1
Windows Millennium Edition
Windows 98 Second Edition
Windows 98
Windows NT 4.0 Service Pack 6a

For more information on the Sasser Worm and how else toprotect your computer, please visit Wikipedia and UpDateXP.