There is a buffer overflow in the Local Procedure Call (LPC) interface to the LSASS which allows an attacker with local access to escalate their privileges to a higher level within the business-critical IT infrastructure.
The most prevalent attacks came from several worms, such as Sasser and Korgo, seeking to exploit a vulnerability located within LSASS, a security component of the Microsoft Windows operating system.
Immediately following Microsoft's disclosure of the vulnerability on April 13, TippingPoint delivered a Virtual Software Patch in a Digital Vaccine update to UnityOne Intrusion Prevention Systems that guarded the entire LSASS vulnerability.
When the worm exploits the LSASS vulnerability, the host will likely crash or reboot as a side effect.
Although Microsoft first issued a patch to protect against the LSASS vulnerability on April 13th, many organizations were unable to patch their systems ahead of the rapidly spreading Sasser worm.
LURHQ predicted the emergence of an LSASS-based worm in its April 29th Advisory announcing the availability of the LSASS