Interesting article on how MSRC responded to the recent sasser virus....
When indications of a worm exploiting the LSASS vulnerability in Windows surfaced April 30, the staff at Microsoft Corp."s Security Response Center didn"t hesitate; they knew exactly what to do.
Within an hour of the first reports of the worm, which would later come to be known as Sasser, Kevin Kean was on a conference call with the company"s internal penetration testers, field representatives and partners in the Virus Information Alliance. The group went over details to determine whether the threat was serious enough to call out the heavy hitters and move into what"s known as "immediate response" phase.
It was pretty clear to us at that point that this could be serious, so we decided to mobilize," said Kean, director of the MSRC, in Redmond, Wash.