In This Newsletter:

At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Who Is Vulnerable?

Users of the following products are vulnerable to infection by this worm:

Your computer is not vulnerable to the Blaster worm if either of these conditions apply to you:

4 Steps

If you are using Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003, you should follow the steps in this sequence to help protect your system and to recover if your system has been infected.

  1. Enable a Firewall

    2. Make sure you have a firewall activated to help protect your computer against infection before you take other steps. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer.

    The latest Windows operating systems have a firewall built in. Windows XP and Windows Server 2003 users should print or save the following instructions for how to enable their firewall.

    If your computer is rebooting repeatedly, disconnect from the Internet before you enable your firewall. To disconnect your computer from the Internet:

    Follow the instructions provided for your operating system, and then reconnect to the Internet.

    Windows 2000 users: Alternatively, you can take steps to block the affected ports so that your computer can be patched. Here are some modified instructions from the TechNet article HOW TO: Configure TCP/IP Filtering in Windows 2000: http://go.microsoft.com/?linkid=220940.

  2. Update Windows

    3. If you are disconnected from the Internet, remember to reconnect before you take the next steps. Download and install the security update addressed in Security Bulletin MS03-026 for the version of Windows that you are using from the Microsoft Download Center.

  3. Use Antivirus Software

    4. Make sure you have the latest updates installed.

    Learn about Microsoft's Virus Information Alliance: http://go.microsoft.com/?linkid=220952.

  4. Remove the Worm

    5. If you think there is even the slightest possibility that your computer might be infected, use the worm removal tool available at your antivirus vendor's Web site. For additional details on this worm from antivirus software vendors participating in the Microsoft Virus Information Alliance (VIA) please visit the following links:

Microsoft Communities is your launching pad for communicating online with peers and experts about Microsoft products, technologies, and services: http://go.microsoft.com/?linkid=220929

THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE FOR INFORMATIONAL PURPOSES ONLY. The information type should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk as to the accuracy and the use of this document. microsoft.com newsletter e-mail may be copied and distributed subject to the following conditions:
1. All text must be copied without modification and all pages must be included
2. All copies must contain Microsoft's copyright notice and any other notices provided therein
3. This document may not be distributed for profit