Warning of new worm threat
3rd May 2004 (Computimes)

WINDOWS XP and 2000 users are advised to immediately apply the patch against a new worm that exploits the local security authority subsystem service (LSASS) vulnerability.

"This is to prevent users from being attacked by this new worm and future worms which are potentially as devastating as the Nachi worm," said Lt Col Husin Jazri, director of the National ICT Security and Emergency Response Centre (Niser).

He added that a buffer-overrun vulnerability exists in LSASS, allowing remote attackers to execute arbitrary code on the system and permitting them to completely compromise the system.

MyCert has received the latest reports regarding the spread of a new worm related to the vulnerability, said its manager Solahuddin Shamsuddin.

Many security experts anticipate that an MSBlast-type worm could be ahead.

The Internet Storm Center, which is operated by the SysAdmin, Audit, Network Security Institute (SANS), has also found evidence of code that takes advantage of this vulnerability.

The flaw that exists in LSASS has been added to an automated attack agent, or bot, known as AgoBot. Such programs run invisibly on a compromised computer, giving an intruder full control of the system and the ability to use it.

Solahuddin said last Friday that MyCert has yet to receive any report from local users or organisations regarding the attack. However, it will keep monitoring the situation and release follow-up alerts/advisories if necessary through its Web site (www.mycert.org.my).