Jump to content

20 Year Old SMB (the basis for Windows Networking) Vulnerability Affects Many Applications


wa_desert_rat

Recommended Posts

SMB is enabled by default in every Windows OS since at least Windows 97 (and some iterations of W95). It is how Microsoft envisioned file sharing before tcp/ip and when Novell was the big competitor in that area. A known vulnerability back in the day made MS create a work-around configuration fix that almost solved it. But now there are some new variations to the vulnerability that has caused it to rear its ugly head.

 

It is especially bad if you use Internet Explorer as your web browser! This is because iexplore.exe has some direct links to the registry that other browsers do not have and is part of the reason MS is coming out with a completely new browser.

 

So, having said this, if you block outgoing tcp packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows tcp connections to ports 139 and 445 you could still be vulnerable.

 

Also, as you may have gathered, this vulnerability mostly affects networks. If you're on your laptop or a Windows tablet it's not that big of an issue. But block those ports if you can, anyway.

 

If you use Linux you probably aren't vulnerable even if you use Samba to share printers and files. But block the ports anyway unless you specifically need them.

 

Here's a link to the article: http://www.csoonline.com/article/2908476/vulnerabilities/18-year-old-smb-vulnerability-resurfaces-dozens-of-vendors-affected.html?phint=newt%3Dcso_update&phint=idg_eid%3Dafbdce93df1132e5de07d306edf23bac#tk.CSONLE_nlt_update_2015-04-14

 

There is a long list of applications and utilities that are subject to this vulnerability at the end of this article. You should take a look at them.

 

WDR

 

 

 

 

Link to comment
Share on other sites

 

... if you block outgoing tcp packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows tcp connections to ports 139 and 445 you could still be vulnerable.

 

Blocking port #445 will be a problem if any of the applications you work with need to interface with Active Directory.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...