Newsletter IconFacebook IconX IconThreads IconInstagram IconYouTube IconPinterest Icon
Giveaway: Win an ASRock B850 Riptide WiFi and Phantom Gaming PG-850G PSU

Microsoft's latest patches hide serious threat

SMB and NetBIOS vulnerability.

Comments
TweakTown
Published
Updated
1-minute read time
Voice: Default
0:00 / --:--
Use left and right arrow keys to seek audio.

Three new bugs found in the way Windows handles SMB has raised the red flag for a number of security experts.

Although these bug have been patched by Microsoft people are concerned that these patches will not be put into place quickly enough to prevent their use.

The exploits can allow for remote execution and DoS attacks on the server by utilizing NetBIOS.

Read more here.

Microsoft's latest patches hide serious threat

Despite the seemingly light fare, experts say that IT should not be lackadaisical in applying the patch. An attacker does not need to steal any passwords in order to take over a machine or perform a denial-of-service (DoS) attack. Two of the vulnerabilities covered can lead to remote code execution while the third can lead to the DoS attack.

"In today's bulletin, the attacker does not require any credentials," says Amol Sarwate, manager of the vulnerabilities research lab at Qualys. "The vulnerable SMB ports are almost always guaranteed to be open for Windows to function properly so I would say this one is pretty serious."
And given the fact that the vulnerability is present on the Windows Server OS, there is no user intervention that has to occur before machines can be hacked. Just the mere presence of the server on the network makes it vulnerable.

The patch is listed "critical" on Windows 2000, XP and 2003 because NetBios is turned on be default, but only moderate on Vista and Windows Server 2008 where NetBios is off by default.

Comments

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription