News

CERT Warns of Windows Shares Vulnerability

Enterprise IT needs to get tough on remote users to make sure broadband connections are secure, a new bulletin from the CERT/CC shows.

The security researchers at CERT are finding an increase in reports of Windows 2000 and Windows XP system compromises due to poorly protected file shares. Attackers are exploiting weak or missing passwords on Administrator accounts on Server Message Block (SMB) file shares.

"This activity has resulted in the successful compromise of thousands of systems, with home broadband users' systems being a prime target," CERT warned in a bulletin issued Tuesday evening.

As is often the case with such vulnerabilities, the wider spread of automated attack tools makes the misconfiguration easier to exploit even for unsophisticated attackers. Tools recently used to scan for vulnerable systems include W32/Deloder, GT-bot, sdbot and W32/Slackor, according to the CERT/CC.

Windows uses the SMB protocol to share files and printers with other computers, and in Windows 2000 and Windows XP, SMB can be run directly over TCP/IP on port 445/tcp. Attackers have been targeting blocks of IP addresses known to have heavy concentrations of poorly protected systems, and have been harvesting compromised systems for Distributed Denial of Service attacks and other purposes.

The CERT/CC recommendation list for the problem is the standard set of remote user security reminders -- making sure Windows 2000 and Windows XP users create strong Administrator passwords, run anti-virus products, avoid programs of unknown origin, deploy a firewall, and filter traffic.

The full CERT/CC advisory can be found at: www.cert.org/advisories/CA-2003-08.html.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.