Every Version of Windows Is Affected by This Vulnerability

CommanderFrank

Another legacy vulnerability dating from 1997 that affects all versions of Windows has been identified. The vulnerability is called Redirect to SMB. You can wait around for Microsoft to roll out a fix, which they are presently working on, or you can apply the enclosed workaround until the official patch is released.

In 1997, Spangler found that introducing URLs beginning with “file” would cause Windows to attempt authentication with an SMB server at the given IP address (for example, file://1.1.1.1), which could then be used to record login credentials.
 
Decided to block those outgoing ports and found out that the Egress Firewall for ClearOS has predefined blocks for these that I just had to enable. :D
 
Not to mention most ISPs block 135-139 and 445 connections across their networks. There is no reason to have SMB open to the Internet at large. VPN solutions and HTTP/FTP/SSH etc. server software can easily fill the gap.
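As an added example (not code from this thread, from Spangler, or from the whitepaper under discussion), the following Python script ties together the two points made above: a redirect to a "file://host" URL or a "\\host\share" UNC path makes a Windows client open an SMB connection to that host, and an egress rule that drops the SMB ports (assumed here to be 135-139 and 445, the set named in the thread) to non-private addresses would stop the resulting connection. The HTTP responses are constructed samples; treating a hostname (rather than an IP literal) as external is an assumption made so the check errs on the side of reporting a block.

```python
# Added example: flag HTTP redirects whose target would make a Windows client
# open an SMB connection, and check whether an outbound "drop SMB ports to
# non-private addresses" rule would stop it. Sample responses are constructed.
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: the ports the thread recommends blocking outbound.
SMB_PORTS = {135, 136, 137, 138, 139, 445}

# Constructed sample responses (not captured traffic).
SAMPLE_FILE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: file://1.1.1.1/share/update.exe\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_UNC_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "location: \\\\10.0.0.5\\share\\update.exe\r\n\r\n"
)
SAMPLE_BENIGN_REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://example.test/\r\n\r\n"
)


def parse_location(raw_response: str):
    """Return the Location header value of a raw HTTP response, or None."""
    headers, _, _ = raw_response.partition("\r\n\r\n")
    for line in headers.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def smb_target(location):
    """If the redirect target would be opened over SMB, return the host it names.

    Two forms are recognised: a file: URL with a host part (file://host/...)
    and a UNC path (\\\\host\\share). A local file URL (file:///C:/...) has
    no host and is not reported.
    """
    if location is None:
        return None
    m = re.match(r"^\\\\([^\\]+)(?:\\|$)", location)
    if m:
        return m.group(1)
    parsed = urlparse(location)
    if parsed.scheme.lower() == "file" and parsed.hostname:
        return parsed.hostname
    return None


def egress_policy_blocks(host: str, port: int = 445) -> bool:
    """True if dropping SMB ports to non-private addresses stops this connection.

    Assumption: a hostname (not an IP literal) is treated as external, so the
    check reports a block rather than guessing what the name resolves to.
    """
    if port not in SMB_PORTS:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def assess(raw_response: str) -> dict:
    """Summarise one response: redirect target, SMB host (if any), egress outcome."""
    location = parse_location(raw_response)
    host = smb_target(location)
    return {
        "location": location,
        "smb_host": host,
        "egress_blocked": egress_policy_blocks(host) if host else None,
    }


if __name__ == "__main__":
    for name, sample in [("file URL", SAMPLE_FILE_REDIRECT),
                         ("UNC path", SAMPLE_UNC_REDIRECT),
                         ("https", SAMPLE_BENIGN_REDIRECT)]:
        print(name, assess(sample))
```

The UNC sample points at a private address on purpose: a redirect to an SMB host inside your own network is exactly the case an Internet egress rule does not cover, which is why the thread's "don't use a crappy password" point still matters.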
 
I'm reading through their terribly written whitepaper and it seems that after getting your pc to try and automatically authenticate with your windows credentials to their SMB trap server they still have to crack your password.

So don't use a crappy password. Problem solved.
 
Yep. There are good reasons the "vulnerability" hasn't been "fixed" that this sensationalist bit of FUD-scamming didn't see fit to publish...;) Anything for page hits, right? This announcement follows the old pattern of "vulnerability" reporting: it's heavy on the FUD but saves the fact that you don't have to worry about it until last, or, like this article, simply omits that part of the story completely. You know it's FUD immediately when you see that the "real story" is that several popular AV programs (not Defender, if you'll notice) have the "vulnerability," but it's "Windows" the headline names--when Windows doesn't actually have the "vulnerability" at all. A few programs that run on Windows are said by the article to have the "vulnerability," however, as you note if they don't have your password then there's no "vulnerability" at all.

Interesting thing is that if they have your password then the SMB Redirect becomes almost moot...;)
 
and the Windows user at the other end attempted to authenticate with our SMB server.
It doesn’t take much to prompt someone to enter their credentials, after all – just a legitimate-looking dialogue box

SOOO TLDR: You have to be dumb enough to type your username and password into a box for no fucking reason.
 