Researchers at Internet Security Systems estimated 500,000 to one million Sasser infections.
Sasser exploits a vulnerability in the Microsoft Local Security Authority Subsystem Service (LSASS), which Microsoft announced and issued a patch for last month.
The worm spreads by scanning randomly chosen IP addresses for unpatched Microsoft systems, according to Symantec. The vendor upgraded a second version of the worm, Sasser.B, to a Category 4 threat, which denotes a severe threat.
Sasser affects Windows XP and Windows 2000 systems. A patch for the vulnerability the worm exploits can be downloaded from Microsoft's web site at www.microsoft.com.