LSASS, the Local Security Authority Server Service, helps manage IP security and authentication for Windows networking. Several buffer overflow exploits published this week are known to give attackers full remote administrative privileges on Windows 2000 (Pro and Server) and Windows XP. Sasser detects a target computer’s operating system and varies its tactics for the different Windows OSes. Systems that have applied the Microsoft patch in update MS04-11 are protected from Sasser.
The relatively modest early impact of Sasser suggests that protracted warnings may have improved compliance among Windows users in patching their machines. It’s worth noting that Windows Update received about twice the normal level of traffic following the April 11 release of MS04-11, causing server slowdowns for the crucial service. Internet Security Systems also noted that “common network-filtering policies have limited the infection rate of Sasser.”