Sasser outbreak shows need for quick patch response

The Sasser worm outbreak, which disrupted operations at some businesses but left most virtually untouched, highlighted the difference a good vulnerability management strategy can make to a company's defenses, users and analysts said.

The W32/Sasser worm started spreading a week ago and by the middle of this week had infected hundreds of thousands of systems globally.

The worm took advantage of a flaw, which was disclosed by Microsoft on April 13, in a Windows security and authentication component. Microsoft released a patch to fix the problem on the same day, and since then, the company and several security experts have been urging users to install the update as soon as possible.

The fact that the worm managed to infiltrate some corporate networks despite the warnings shows that there's still progress to be made in promptly responding to such vulnerabilities, said Art Manion, a member of the CERT Coordination Center at Carnegie Mellon University.

"Some organizations have streamlined patching and policy management to roll out important updates in a matter of days," said Ken Dunham, an analyst at iDefense. "Others are so careful and test so many features that they end up being vulnerable for an extended period of time."

A large majority of those infected were believed to be home users. But several large organizations were hit as well, including American Express. An American Express spokeswoman said that "some employee desktops" were affected by the worm. "But we never had any issues with our networks or service."

"This was a big one. But I am amazed that it got as far as it did," said Firas Rouf, chief operating officer at eEye Digital Security, a provider of vulnerability assessment services.

Several users said companies would have been protected if they had followed long-recommended security measures, such as knowing where vulnerabilities exist, prioritizing threats and responses, applying appropriate patches, keeping antivirus software up to date, blocking unused ports and installing firewalls on end-user desktops.

TRW Automotive Holdings escaped Sasser thanks largely to new patch management software that it had just finished deploying across 22,500 systems globally. The software from BigFix helped TRW identify vulnerable systems and deploy patches to them in an automated fashion.

"The big thing was the speed with which we were able to deploy patches to our desktops," said Bill Blix, TRW's global infrastructure vulnerability manager.

Meanwhile, software- and hardware-based firewalls installed on every end-user system protected drug research firm Tripos against Sasser.

As soon as the company heard of the vulnerability, it changed the settings on those firewalls to proactively block any attacks, said Jerry Wintrode, senior network architect at Tripos. It also changed the settings on a policy enforcement server at the edge of its networks so that it would automatically shut out any remote system that might have somehow been infected, Wintrode said.

Attackers are getting quicker and more efficient at taking advantage of new flaws. Last year's damaging Blaster worm -- to which Sasser was compared -- took about a month to hit the Internet after the flaw it exploited was first announced. In contrast, Sasser took less than three weeks.

Patches and work-arounds can be faulty or break existing applications and need to be carefully tested before they are deployed. Companies also need to put in extra effort to ensure that systems belonging to mobile and home-based users don't infect otherwise clean networks. But a plethora of tools are becoming available today that are making the task easier, Rouf said.

"It's not easy," he said. "On the other hand, it's not as hard as it used to be."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?