Last week, I wrote about the most recent security patches from Microsoft as well as new exploits that take advantage of related problems. I also mentioned that if you haven't loaded the Microsoft Security Bulletin MS04-011 (Security Update for Microsoft Windows) patch, then your systems are sitting ducks. As it turns out, duck hunting season just opened.
Several worms are now spreading and taking advantage of problems that can be remedied by the MS04-011 patch. According to the SANS Institute's Internet Storm Center, variants of the Gaobot worm target systems that don't have the MS04-011 patch. In addition, at least three variants of the Sasser worm target the same vulnerabilities (see http://www.incidents.org/diary.php?date=2004-05-02).
Of course, all the companies that provide preventive measures, including makers of antivirus software and Intrusion Detection Systems, are updating their tools to provide protection. Some have also provided removal tools in case your systems have become infected by the Sasser worm variants. If your systems have become infected and you need quick help removing worms, check with your antivirus vendor to determine whether it's released Sasser removal tools.
Microsoft has released a bulletin regarding the Sasser worm as well as a tool that helps with worm removal. You can find it at the first URL below. If you need help with worm removal, remember that Microsoft provides free support for security matters. United States and Canadian residents can reach the company toll-free at 866-727-2338, or anyone can go to the second URL below and click the "Send us an online request for support" link.
If you've loaded the patch already and have experienced problems or if you're considering loading the patch soon, be aware that known problems with the patch might affect your network environment. For more information, see the Microsoft article "Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011," http://support.microsoft.com/?kbid=841382.