20 Year Old SMB (the basis for Windows Networking) Vulnerability Affects Many Applications


SMB is enabled by default in every Windows OS since at least Windows 97 (and some iterations of W95). It is how Microsoft envisioned file sharing before TCP/IP and when Novell was the big competitor in that area. A known vulnerability back in the day made MS create a work-around configuration fix that almost solved it. But now there are some new variations to the vulnerability that have caused it to rear its ugly head.

It is especially bad if you use Internet Explorer as your web browser! This is because iexplore.exe has some direct links to the registry that other browsers do not have and is part of the reason MS is coming out with a completely new browser.

So, having said this, if you block outgoing TCP packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN, blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows TCP connections to ports 139 and 445 you could still be vulnerable.

Also, as you may have gathered, this vulnerability mostly affects networks. If you're on your laptop or a Windows tablet it's not that big of an issue. But block those ports if you can, anyway.

If you use Linux you probably aren't vulnerable even if you use Samba to share printers and files. But block the ports anyway unless you specifically need them.

Here's a link to the article: http://www.csoonline.com/article/2908476/vulnerabilities/18-year-old-smb-vulnerability-resurfaces-dozens-of-vendors-affected.html?phint=newt%3Dcso_update&phint=idg_eid%3Dafbdce93df1132e5de07d306edf23bac#tk.CSONLE_nlt_update_2015-04-14

There is a long list of applications and utilities that are subject to this vulnerability at the end of this article. You should take a look at them.

WDR

1993 Foretravel U225 with Pacbrake and 5.9 Cummins with Banks

1999 Jeep Wrangler, 4" lift and 33" tires

Raspberry Pi Coach Computer

Ham Radio

Thanks for sharing.

Safe Travels!

SKP #89742 - Lifetime membership - Member of the SKP Class of 2007
Good Sam Club - Lifetime Member
DataStorm #5423
Passport America - Lifetime Member
Sons Of The American Revolution (SAR) - Lifetime Member
American Legion - USAF - Lifetime Member
Rotary Club Member - 30 years

Escapee CARE Supporter

National Wildlife Refuge Volunteer

... if you block outgoing TCP packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN, blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows TCP connections to ports 139 and 445 you could still be vulnerable.

Blocking port #445 will be a problem if any of the applications you work with need to interface with Active Directory.

The Spacenorman

2012 Holiday Rambler Endeavor 43' DFT

2012 Jeep Liberty

Our Travel Website: www.penquinhead.com​


Blocking port #445 will be a problem if any of the applications you work with need to interface with Active Directory.

Blocking port 445 at the edge router shouldn't be an issue. No one should be using NetBIOS across the Internet unless it's in a VPN anyway.

WDR


Archived

This topic is now archived and is closed to further replies.
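
Added example (not part of any post in this thread): one way to check on the Windows machine itself whether outbound TCP 139/445 is leaving for the Internet, which also covers the VPN case raised above because the host's own firewall log sees the traffic before it enters the tunnel. It assumes Windows Firewall logging of both dropped and successful connections is enabled and that the listed private ranges are "inside"; the log entries, including the 10.8.0.6 tunnel address, are constructed samples.

```python
import ipaddress

# Column order from the "#Fields:" header of a Windows Firewall pfirewall.log.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
SMB_PORTS = {"139", "445"}
# Assumption: these ranges are "inside" (LAN, domain controllers); adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample entries (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-04-14 09:01:12 ALLOW TCP 192.168.1.20 192.168.1.5 49701 445 0 - 0 0 0 - - - SEND
2015-04-14 09:02:40 ALLOW TCP 192.168.1.20 203.0.113.77 49733 445 0 - 0 0 0 - - - SEND
2015-04-14 09:02:41 DROP TCP 192.168.1.20 198.51.100.9 49734 139 0 - 0 0 0 - - - SEND
2015-04-14 09:03:05 ALLOW TCP 10.8.0.6 203.0.113.77 49740 445 0 - 0 0 0 - - - SEND
2015-04-14 09:03:30 ALLOW TCP 192.168.1.20 203.0.113.77 49741 443 0 - 0 0 0 - - - SEND
2015-04-14 09:04:00 ALLOW TCP 203.0.113.50 192.168.1.20 51000 445 0 - 0 0 0 - - - RECEIVE
"""

def outbound_smb_to_internet(log_text):
    """Return (timestamp, action, src, dst, port) for each outbound TCP 139/445
    connection whose destination is outside INTERNAL_NETS."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < len(FIELDS):
            continue  # header, blank, or truncated entry
        rec = dict(zip(FIELDS, parts))
        if (rec["protocol"], rec["path"]) != ("TCP", "SEND"):
            continue  # only outbound TCP is of interest
        if rec["dst-port"] not in SMB_PORTS:
            continue
        try:
            dst = ipaddress.ip_address(rec["dst-ip"])
        except ValueError:
            continue  # unparseable address field
        if any(dst in net for net in INTERNAL_NETS):
            continue  # LAN / Active Directory traffic is expected
        hits.append((rec["date"] + " " + rec["time"], rec["action"],
                     rec["src-ip"], rec["dst-ip"], int(rec["dst-port"])))
    return hits

if __name__ == "__main__":
    for hit in outbound_smb_to_internet(SAMPLE_LOG):
        # ALLOW means the connection left the host; DROP means a block rule worked.
        print(*hit)
```

An ALLOW entry in the output is a connection that got out; a DROP entry shows a block rule doing its job.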
