TweakTown
Tech content trusted by users in North America and around the world
6,202 Reviews & Articles | 40,042 News Posts
TRENDING NOW: Samsung wants the US government to block GeForce GPU shipments

Microsoft's latest patches hide serious threat

SMB and NetBIOS vulnerability

| Posted: Jan 14, 2009 7:32 pm

Three new bugs found in the way Windows handles SMB has raised the red flag for a number of security experts.

 

Although these bug have been patched by Microsoft people are concerned that these patches will not be put into place quickly enough to prevent their use.

 

The exploits can allow for remote execution and DoS attacks on the server by utilizing NetBIOS.

 

Read more here.

 

Microsoft's latest patches hide serious threat

Despite the seemingly light fare, experts say that IT should not be lackadaisical in applying the patch. An attacker does not need to steal any passwords in order to take over a machine or perform a denial-of-service (DoS) attack. Two of the vulnerabilities covered can lead to remote code execution while the third can lead to the DoS attack.

 

"In today's bulletin, the attacker does not require any credentials," says Amol Sarwate, manager of the vulnerabilities research lab at Qualys. "The vulnerable SMB ports are almost always guaranteed to be open for Windows to function properly so I would say this one is pretty serious."
And given the fact that the vulnerability is present on the Windows Server OS, there is no user intervention that has to occur before machines can be hacked. Just the mere presence of the server on the network makes it vulnerable.

 

The patch is listed "critical" on Windows 2000, XP and 2003 because NetBios is turned on be default, but only moderate on Vista and Windows Server 2008 where NetBios is off by default.

 

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases