News

Gartner: Port Sniffing Spike May Signal Effort to Exploit Microsoft SMB Flaw

An analyst with Gartner warned customers that a recent spike in scanning activity on TCP Port 445 may mean attackers are gearing up to exploit a flaw patched last week by Microsoft in the widely used SMB protocol.

Gartner analyst John Pescatore issued the warning this week about an apparent increase in sniffing on Port 445 that occurred last Friday. "The apparent increase in 'sniffing' on Port 445 is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack," Pescatore wrote.

The port is used by the Microsoft Server Message Block (SMB) protocol. Microsoft posted a patch for a critical flaw in SMB on June 14. The patch was contained in security bulletin MS05-027. An attacker could potentially use the flaw to take control of computers over the Internet.

A Microsoft spokesperson said the Microsoft Security Response Center is aware of the spike in sniffing activity.

"As part of the Microsoft Security Response Center process, once they release those patches, they continue to actively monitor the environment. They're always monitoring for any malicious activity. They're not seeing anything that raises any alarm," the spokesperson said.

Among reasons Microsoft isn't overly concerned yet about the spike are that because port scans are non-specific they could indicate searches for a number of other vulnerabilities, many on other platforms; that no exploit code is publicly circulating; and that no customers have reported being attacked.

Pescatore's research note advised customers to accelerate efforts to ensure that all Windows systems get patched, to implement workarounds until patching is complete, and to review firewall settings to make sure Port 445 access is blocked wherever possible.

The Microsoft spokesperson issued similar advice as standard precautions.

Click here to view Microsoft Security bulletin MS05-027.

See also A Look at the Microsoft Security Response Center's Playbook.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Nebula

    Ahead of AGI, Microsoft and OpenAI Redefine Their Partnership

    In a recapitalization announced Tuesday, OpenAI has launched a new public benefit corporation (PBC) called OpenAI Group, giving Microsoft a 27 percent ownership stake valued at approximately $135 billion.

  • Veeam Acquires Securiti AI To Unify Data Resilience and AI Security

    Veeam Software is making a strategic move into AI and data security by acquiring Securiti AI for $1.7 billion.

  • Microsoft Adds 'Mico' Virtual Assistant to Copilot in Major Fall Update

    In a significant feature update, Microsoft on Thursday said it is reshaping its Copilot AI platform with features that deepen user personalization and enable real-time group collaboration, among other perks.

  • Nutanix Partner Central Rolls Out To Boost Channel Engagement

    Nutanix on Wednesday launched a new platform, Partner Central, to give its channel partners a unified digital workspace for managing sales, tracking incentives and collaborating more effectively.

Most   Popular