"Sasser" Worm Outbreak on Internet 03 May 2004 A worm has been released on the Internet which exploits a vulnerability previously announced April 13. To avoid infection your system must be fully patched. Using the Windows Automatic update feature is strongly recommended. Follow these directions: http://infosec.yorku.ca/FAQ/using_windows_update.html Unpatched or infected systems may be disconnected from the network without notice. This worm spreads directly over the network without the use of email. Users of infected computers will notice their systems halt and display messages about the "LSA Shell" and the need to shut down. Infected computers often become sluggish and unresponsive as the worm consumes system resources as it scans for new hosts to infect. If you believe your computer is infected, contact your local technical support. You may also download and run the following removal tool from Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html Background: Previous advisory regarding LSASS/MS04-011: http://infosec.yorku.ca/Advisories/ms04-011.html Questions or concerns about this should be directed to the CNS Helpdesk in the Computing Commons, William Small Centre, (voice: 416-736-5800, email: [log in to unmask]).