Turn on those firewalls: Sasser on the loose

Public service advisory: there’s a new worm out nicknamed “Sasser” that exploits the LSASS vulnerability reported and patched two weeks ago. The worm, like Blaster, spreads directly from machine to machine, so make sure to enable your firewall (it hits on ports 445 and 5554). Details about Sasser here, here, here, here, etc.. Removal tools here, here, here, here. First posting about the worm, from a Microsoft MVP blogger, here.