Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Won't Patch 20-Yr-Old SMBv1 Vulnerability (You Should Just Turn the Service Off) (onmsft.com)

Posted by msmash on from the security-woes dept.

An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users to remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.

5 of 131 comments (clear)

  1. why was SMB1 still enabled 20 years later? by Anonymous Coward · · Score: 5, Insightful

    Why doesn't Microsoft patch the OS so that SMB1 is disabled entirely? I mean MS already shoves all sorts of crap down your throat anyways, why can't that unshove shit?

  2. Re:So when will HP upgrade? by Anonymous Coward · · Score: 5, Insightful

    Or operating systems from MS.

  3. Re:my two cents... by BronsCon · · Score: 3, Insightful

    I couldn't see the move as any more disastrous as entire hospitals going offline...

    What, pray tell, do you think happens when the whole reason the hospital has SMB1 enabled on its systems in the first place is to talk to multi-hundred-thousand- and multi-million-dollar pieces of medical equipment (think MRI and such) that don't speak SMB2?

    Therein lies the rub.

    Yes, those machines should be on an air-gapped network shared only with the workstations used to control and operate them. No, the vendors of those machines will not allow that because they want realtime monitoring of the equipment. Blame those vendors for Microsoft really not being able to do anything about this; it's not like hospitals can say "fine, if you won't sell us a more up-to-date MRI we just won't have one at all", they'd face liability for not utilizing every available means of diagnosis and treatment.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  4. There's a patch for this. by stooo · · Score: 1, Insightful

    There's a patch for this.
    https://linuxmint.com/download...

    --
    aaaaaaa
  5. You missed the patch for systemd. by jimtheowl · · Score: 2, Insightful

    https://www.freebsd.org/