News

CERT Warns of Windows Shares Vulnerability

Enterprise IT needs to get tough on remote users to make sure broadband connections are secure, a new bulletin from the CERT/CC shows.

The security researchers at CERT are finding an increase in reports of Windows 2000 and Windows XP system compromises due to poorly protected file shares. Attackers are exploiting weak or missing passwords on Administrator accounts on Server Message Block (SMB) file shares.

"This activity has resulted in the successful compromise of thousands of systems, with home broadband users' systems being a prime target," CERT warned in a bulletin issued Tuesday evening.

As is often the case with such vulnerabilities, the wider spread of automated attack tools makes the misconfiguration easier to exploit even for unsophisticated attackers. Tools recently used to scan for vulnerable systems include W32/Deloder, GT-bot, sdbot and W32/Slackor, according to the CERT/CC.

Windows uses the SMB protocol to share files and printers with other computers, and in Windows 2000 and Windows XP, SMB can be run directly over TCP/IP on port 445/tcp. Attackers have been targeting blocks of IP addresses known to have heavy concentrations of poorly protected systems, and have been harvesting compromised systems for Distributed Denial of Service attacks and other purposes.

The CERT/CC recommendation list for the problem is the standard set of remote user security reminders -- making sure Windows 2000 and Windows XP users create strong Administrator passwords, run anti-virus products, avoid programs of unknown origin, deploy a firewall, and filter traffic.

The full CERT/CC advisory can be found at: www.cert.org/advisories/CA-2003-08.html.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.