Gartner: Port Sniffing Spike May Signal Effort to Exploit Microsoft SMB Flaw

An analyst with Gartner warned customers that a recent spike in scanning activity on TCP Port 445 may mean attackers are gearing up to exploit a flaw patched last week by Microsoft in the widely used SMB protocol.

Gartner analyst John Pescatore issued the warning this week about an apparent increase in sniffing on Port 445 that occurred last Friday. "The apparent increase in 'sniffing' on Port 445 is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack," Pescatore wrote.

The port is used by the Microsoft Server Message Block (SMB) protocol. Microsoft posted a patch for a critical flaw in SMB on June 14. The patch was contained in security bulletin MS05-027. An attacker could potentially use the flaw to take control of computers over the Internet.

A Microsoft spokesperson said the Microsoft Security Response Center is aware of the spike in sniffing activity.

"As part of the Microsoft Security Response Center process, once they release those patches, they continue to actively monitor the environment. They're always monitoring for any malicious activity. They're not seeing anything that raises any alarm," the spokesperson said.

Among the reasons Microsoft isn't overly concerned yet about the spike: port scans are non-specific, so they could indicate searches for a number of other vulnerabilities, many on other platforms; no exploit code is publicly circulating; and no customers have reported being attacked.

Pescatore's research note advised customers to accelerate efforts to ensure that all Windows systems get patched, to implement workarounds until patching is complete, and to review firewall settings to make sure Port 445 access is blocked wherever possible.

The Microsoft spokesperson issued similar advice as standard precautions.


About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

