Mass hack targets critical Windows flaw - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Click Here to Login
Closed Thread
Thread Tools Display Modes
Old 06-24-2005, 05:48 PM   #1 (permalink)
Techie Beyond Description
Osiris's Avatar
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Mass hack targets critical Windows flaw

Mass hack targets critical Windows flaw
Ominous surge in TCP port 445 scanning activity

A recent surge in port 445 scanning activity could herald impending hack attacks, and industry experts have warned firms to take "immediate steps" to ensure that the affected Windows ports are secure.

Gartner pointed to recent reports that security vulnerability sensors have noted an increase in activity on TCP port 445, which is associated with Microsoft's Windows Server Message Block (SMB) protocol.

"This port could be used to exploit the Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability (MS05-027), a critical flaw for which Microsoft released a patch on 14 June, " warned John Pescatore, vice president and research fellow at Gartner Research.

"The apparent increase in 'sniffing' on port 445 is a serious concern for enterprise security managers because it may indicate an impending mass malicious-code attack."

According to Gartner, the rise in port 445 activity may indicate that, in the week since Microsoft released the Windows patch, hackers have reverse-engineered the vulnerability and developed exploit code which could be used to launch a mass attack via the widely used SMB protocol.

The analyst firm urged companies to accelerate their efforts to ensure that all Windows systems are patched. If it is not practical immediately to patch systems firms should implement shielding or other "workarounds" until patching is complete.

It is also advisable for Windows users to review all firewall policies, including those covering personal firewall software, to ensure that port 445 access is blocked wherever possible.

Gartner further advised companies to update all intrusion prevention system filters, both network-based and host-based, to block attempts to exploit this vulnerability.
Osiris is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 06:58 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.