Slashdot Mirror


Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw

Mark Wilson writes: A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — is affected.

4 of 171 comments

  1. used devastatingly already by circletimessquare · Score: 5, Interesting

    apparently this is how Sony got hacked

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:used devastatingly already by fuzzyf · Score: 5, Interesting

      Man-in-the-middle using SMB share. That requires someone to be on the local network to begin with.
      Could be used after pivoting, but not as a first foothold attack.

  2. Re:Wow, this *IS* old... by mmell · Score: 2, Interesting

    Yeah, but . . .

    Are there any Windows Administrators out there with I.Q.'s > 90 that knowingly and intentionally leave ports 137, 138, 139 and/or 445 open to the Intartubes?

  3. Re:Wow, this *IS* old... by Gumbercules!! · Score: 2, Interesting

    Yeah, sadly, there's heaps of them. People who connect their Windows machine to the internet by establishing the PPPoE session from the machine, for one. People who rent a VM from a cloud provider and just get a straight up Windows box with no firewall, for two. If you think there's not a lot of those, believe me, there are. We run a cloud computing company and we frequently (ok, by frequently I mean a few times a year, I suppose - but we're just one company) get requests for people to have a Windows box with no firewall (other than the Windows one) because "it gets in the way", etc.

    As a service provider, I am not sure how to handle this because, technically, it's "their server". I mean, I can provide them all the advice I want but making them listen is another thing altogether.

    In one case, I showed the guy that I could map a drive to his server, over the public internet and that he needed to deny all ports other than the one he needed open (443) but it's like speaking to a child. They don't understand why it's a problem and they just want what they think they want and they want it, now.

    So I am not really sure how to handle this. Wherever I can, I don't give them the choice - I just enforce an upstream firewall but at the end of the day, if someone wants to pay money to own a VM and they're not (yet) causing any problems for anyone other than themselves...I can't be in business if I keep saying no to everyone. So yeah - there are plenty of Windows people out there who expose everything to the world.
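Added example, not from the story or any of the commenters: a PowerShell snippet that audits which of the NetBIOS/SMB ports named in the thread (137, 138, 139, 445) are listening on a Windows box and then adds Windows Firewall rules for them. It assumes an elevated session on Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules present); the rule display names are chosen here. Besides the inbound exposure the commenters describe, it also blocks SMB leaving the host for non-local addresses, since Redirect to SMB relies on the victim connecting out to the attacker's server.

```powershell
# Added example, not from the post or any commenter. Assumes an elevated
# PowerShell session on Windows 8 / Server 2012 or later. Rule names are
# chosen here and are not built-in rule names.

$SmbTcpPorts = 139, 445   # NetBIOS session service and direct-hosted SMB
$NbtUdpPorts = 137, 138   # NetBIOS name and datagram services

function Get-SmbListeners {
    # Sockets bound to the SMB/NetBIOS ports. A LocalAddress of 0.0.0.0 or ::
    # means the service answers on every interface, so only the firewall
    # sits between it and whatever network the machine is plugged into.
    $tcp = Get-NetTCPConnection -State Listen |
        Where-Object { $SmbTcpPorts -contains $_.LocalPort } |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Where-Object { $NbtUdpPorts -contains $_.LocalPort } |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
    @($tcp) + @($udp)
}

function Block-InboundSmb {
    # Block rules take precedence over allow rules in Windows Firewall, so
    # these override the built-in "File and Printer Sharing" allows on every
    # profile, including a box that ended up on the Public profile by mistake.
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 139,445)' `
        -Direction Inbound -Protocol TCP -LocalPort $SmbTcpPorts `
        -Action Block -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName 'Block inbound NetBIOS (UDP 137,138)' `
        -Direction Inbound -Protocol UDP -LocalPort $NbtUdpPorts `
        -Action Block -Profile Any | Out-Null
}

function Block-OutboundSmbToInternet {
    # Redirect to SMB works the other way round: the client is steered into
    # opening an SMB session to an attacker-controlled server and hands over
    # its credentials. Dropping SMB destined for non-local addresses stops
    # that at the endpoint while leaving file sharing on the local subnet alone.
    New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' `
        -Direction Outbound -Protocol TCP -RemotePort $SmbTcpPorts `
        -RemoteAddress Internet -Action Block -Profile Any | Out-Null
}

Get-SmbListeners | Format-Table -AutoSize
Block-InboundSmb
Block-OutboundSmbToInternet
Get-NetFirewallRule -DisplayName 'Block inbound SMB*', 'Block inbound NetBIOS*', 'Block outbound SMB*' |
    Select-Object DisplayName, Direction, Action, Enabled
```

Run `Get-SmbListeners` again afterwards if you expect the listeners to stay; the services keep listening, and the firewall rules are what change who can reach them.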