News

CERT Warns of Windows Shares Vulnerability

Enterprise IT needs to get tough on remote users to make sure broadband connections are secure, a new bulletin from the CERT/CC shows.

The security researchers at CERT are finding an increase in reports of Windows 2000 and Windows XP system compromises due to poorly protected file shares. Attackers are exploiting weak or missing passwords on Administrator accounts on Server Message Block (SMB) file shares.

"This activity has resulted in the successful compromise of thousands of systems, with home broadband users' systems being a prime target," CERT warned in a bulletin issued Tuesday evening.

As is often the case with such vulnerabilities, the wider spread of automated attack tools makes the misconfiguration easier to exploit even for unsophisticated attackers. Tools recently used to scan for vulnerable systems include W32/Deloder, GT-bot, sdbot and W32/Slackor, according to the CERT/CC.

Windows uses the SMB protocol to share files and printers with other computers, and in Windows 2000 and Windows XP, SMB can be run directly over TCP/IP on port 445/tcp. Attackers have been targeting blocks of IP addresses known to have heavy concentrations of poorly protected systems, and have been harvesting compromised systems for Distributed Denial of Service attacks and other purposes.

The CERT/CC recommendation list for the problem is the standard set of remote user security reminders -- making sure Windows 2000 and Windows XP users create strong Administrator passwords, run anti-virus products, avoid programs of unknown origin, deploy a firewall, and filter traffic.

The full CERT/CC advisory can be found at: www.cert.org/advisories/CA-2003-08.html.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

  • MIT Finds Only 1 in 20 AI Investments Translate into ROI

    Despite pouring billions into generative AI technologies, 95 percent of businesses have yet to see any measurable return on investment.

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.