Home

Aug 14, 2017

Microsoft will wait a long time to remove known SMB vulnerability in Windows


Microsoft was notified on June 2 this year of a vulnerability in the company's implementations of all versions of the Server Message Block SMB. Vulnerability should have been around for more than 20 years and affects all newer versions of Windows, but also the Samba software, which provides Linux machines with support for SMB. SMB is used, among other things, to share file areas and printers across networks, preferably local area networks.

Category:Microsoft 

Microsoft was notified on June 2 this year of a vulnerability in the company's implementations of all versions of the Server Message Block SMB. Vulnerability should have been around for more than 20 years and affects all newer versions of Windows, but also the Samba software, which provides Linux machines with support for SMB. SMB is used, among other things, to share file areas and printers across networks, preferably local area networks.

Vulnerability, called SMBLoris, allows performing DoS attacks against computers with SMB support without the attacker having to be an authenticated user.

Same port as WannaCry
In any event, the attack can be performed via port 445, the same port as the WannaCry malware. It turned out that there are many who have this network port exposed to the internet. In others, the attacker must first access the victim's local area network.

According to security researchers who have discovered vulnerability, Sean Dillon and Jenna Magius of RiskSense, only basic networking skills are required to carry out the attack.

Enormously resource-intensive
Vulnerability allows an attacker to send a large amount of requests requiring little of the client machine, but that leads to the allocation of large amounts of memory on the target machine, as well as what is referred to as huge amounts of wasted CPU cycles.

This may cause the target machine to be unable to perform its usual tasks, such as server services such as email, database and web. At worst, the attack can cause the system to crash.

In the video below, where the attack is demonstrated, the memory usage of the attacked machine is greatly increased. At the same time, the machine is no longer able to respond to ping queries.

More details about vulnerability can be found on this page.

Rejected by Microsoft
According to security researchers, two different teams at Microsoft have assessed the vulnerability. However, both have come to the conclusion that it is not serious enough that it will be removed through a security update. Instead, the company has stated that the issue will be addressed in a future edition of Windows.

Vulnerability should be named after Slowloris, a similar type of DoS attack that could be targeted to several different types of web servers. This was first demonstrated in 2009.

Possible measures
Administrators of computers with Samba can prevent this kind of attack by adding the following line to the smb.conf file.

Max smbd processes = 1000

It will limit how many processes the smb daemon will run at once.

Windows computer administrators can prevent attacks by blocking the SMB service using a firewall, either on the system itself or externally. You may limit how many SMB connections a single IP address may be open at any given time.

Security scientists should have demonstrated the attack to the public during the Def Con conference, which was held in Las Vegas in late July.

According to Bleeping Computer, security researcher Hector Martin has released a conceptual evidence of an assault tool that can exploit SMBLoris. The code is available here and here. It will enable a fully updated Windows 10 Pro machine with 8 gigabytes of RAM to pin in less than 10 seconds.

authorarticle: Master3395

image: 

keywords: Samba, Server, Message, Block, Security, SMBLoris, Vulnerability, Windows

Previous Article
Next Article
Discord

Page 1 of 491  >  >>

Apple is moving parts of production out of China

apple_airpods.jpeg

Feb 20, 2020 | Category: Apple | Comments

Applies to both AirPods, iPad and Apple Watch.

read more…

Sony closes the PlayStation forum

ps_forum_closure_announcement.jpg

Feb 19, 2020 | Category: General | Comments

Only a few days left.

read more…

The Instagram boss explains why they don't have a dedicated Instagram app

instagram.png

Feb 18, 2020 | Category: IT | Comments

But it is not very credible.

read more…

Page 1 of 491  >  >>