News

Gartner: Port Sniffing Spike May Signal Effort to Exploit Microsoft SMB Flaw

An analyst with Gartner warned customers that a recent spike in scanning activity on TCP Port 445 may mean attackers are gearing up to exploit a flaw patched last week by Microsoft in the widely used SMB protocol.

Gartner analyst John Pescatore issued the warning this week about an apparent increase in sniffing on Port 445 that occurred last Friday. "The apparent increase in 'sniffing' on Port 445 is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack," Pescatore wrote.

The port is used by the Microsoft Server Message Block (SMB) protocol. Microsoft posted a patch for a critical flaw in SMB on June 14. The patch was contained in security bulletin MS05-027. An attacker could potentially use the flaw to take control of computers over the Internet.

A Microsoft spokesperson said the Microsoft Security Response Center is aware of the spike in sniffing activity.

"As part of the Microsoft Security Response Center process, once they release those patches, they continue to actively monitor the environment. They're always monitoring for any malicious activity. They're not seeing anything that raises any alarm," the spokesperson said.

Among reasons Microsoft isn't overly concerned yet about the spike are that because port scans are non-specific they could indicate searches for a number of other vulnerabilities, many on other platforms; that no exploit code is publicly circulating; and that no customers have reported being attacked.

Pescatore's research note advised customers to accelerate efforts to ensure that all Windows systems get patched, to implement workarounds until patching is complete, and to review firewall settings to make sure Port 445 access is blocked wherever possible.

The Microsoft spokesperson issued similar advice as standard precautions.

Click here to view Microsoft Security bulletin MS05-027.

See also A Look at the Microsoft Security Response Center's Playbook.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

  • Big Blue To Acquire Datastax in Enterprise AI Play

    In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.