News

CERT Warns of Windows Shares Vulnerability

Enterprise IT needs to get tough on remote users to make sure broadband connections are secure, a new bulletin from the CERT/CC shows.

The security researchers at CERT are finding an increase in reports of Windows 2000 and Windows XP system compromises due to poorly protected file shares. Attackers are exploiting weak or missing passwords on Administrator accounts on Server Message Block (SMB) file shares.

"This activity has resulted in the successful compromise of thousands of systems, with home broadband users' systems being a prime target," CERT warned in a bulletin issued Tuesday evening.

As is often the case with such vulnerabilities, the wider spread of automated attack tools makes the misconfiguration easier to exploit even for unsophisticated attackers. Tools recently used to scan for vulnerable systems include W32/Deloder, GT-bot, sdbot and W32/Slackor, according to the CERT/CC.

Windows uses the SMB protocol to share files and printers with other computers, and in Windows 2000 and Windows XP, SMB can be run directly over TCP/IP on port 445/tcp. Attackers have been targeting blocks of IP addresses known to have heavy concentrations of poorly protected systems, and have been harvesting compromised systems for Distributed Denial of Service attacks and other purposes.

The CERT/CC recommendation list for the problem is the standard set of remote user security reminders -- making sure Windows 2000 and Windows XP users create strong Administrator passwords, run anti-virus products, avoid programs of unknown origin, deploy a firewall, and filter traffic.

The full CERT/CC advisory can be found at: www.cert.org/advisories/CA-2003-08.html.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.