On April 13 Microsoft released their security bulletins for the month of April. The first one, MS04-011, was a security roll-up package which identified a number of new vulnerabilities and included the fixes for these new vulnerabilities as well as many old vulnerabilities.

By exploiting a buffer overflow vulnerability in LSASS.exe (Local Security Authority Server Service), a Windows process which handles local security functions, this worm is able to spread from vulnerable machine to vulnerable machine without requiring any user interaction or intervention.


According to antivirus firm Network Associates, a side effect of being infected is that LSASS.exe will crash resulting in a forced system reboot on most systems.

Infected machines will attempt to scan different IP address ranges searching for other vulnerable systems to infect and will open TCP ports 5554 and 9996.

Antivirus vendors are ranking this as a Medium threat already which means that it is spreading rapidly. Make sure you have your antivirus software updated and, more importantly, make sure you apply the patch for MS04-011 to your system before a new worm comes out exploiting a different vulnerability from this security bulletin.