A critical bug dubbed Redirect to SMB has been discovered that is known to affect all devices running any version of Windows, including Windows 10. The as-yet unpatched flaw in Windows leaks username and password details to remote attackers, and was first reported to Microsoft way back in 1997.

What is SMB?
Server Message Block (SMB) is a protocol that allows users to share files over a network. SMB is often used by companies and organizations to share files from one server across their entire network.

How does Redirect to SMB work?
Simply put, an attacker only needs to intercept an HTTP request, which can be easily done using a Man-in-the-Middle (MitM) attack, and then redirect the victim to a malicious SMB server controlled by the attacker.
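
A detection sketch for the redirect described above, added here as an example and not taken from the original post: it scans proxy log lines for HTTP 3xx responses whose Location target would be fetched over SMB (a `file://` or `smb://` URL, or a UNC path). The log format, the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample proxy log: "<client> <status> <requested URL> <Location or ->"
SAMPLE_LOG = """\
10.0.0.5 200 http://updates.example.com/check -
10.0.0.5 302 http://updates.example.com/check file://203.0.113.7/share/update.xml
10.0.0.8 301 http://www.example.org/ https://www.example.org/
10.0.0.9 307 http://img.example.net/logo.png \\\\203.0.113.9\\pub\\logo.png
10.0.0.9 302 http://img.example.net/a smb://203.0.113.9/pub/a
10.0.0.4 302 http://intranet.example/doc FILE:////fileserver/docs/readme.txt
"""

def smb_host(location):
    """Return the remote host a redirect target would reach over SMB, or None."""
    if location.startswith("\\\\"):                 # UNC path: \\host\share
        return location[2:].split("\\", 1)[0] or None
    parts = urlsplit(location)                      # scheme is lower-cased for us
    if parts.scheme not in ("file", "smb"):
        return None
    if parts.netloc:                                # file://host/share
        return parts.hostname
    if parts.path.startswith("//"):                 # file:////host/share
        return parts.path.lstrip("/").split("/", 1)[0] or None
    return None                                     # file:///C:/... stays local

def find_smb_redirects(log_text):
    """List (client, requested URL, SMB host) for each 3xx pointing at SMB."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4 or not fields[1].isdigit():
            continue                                # skip malformed lines
        client, status, url, location = fields
        if not 300 <= int(status) <= 399:
            continue                                # only redirects matter here
        host = smb_host(location.strip())
        if host:
            findings.append((client, url, host))
    return findings

if __name__ == "__main__":
    for client, url, host in find_smb_redirects(SAMPLE_LOG):
        print(f"ALERT {client}: {url} redirected to SMB host {host}")
```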

Who is affected?
Widely used applications such as Adobe Reader, Apple QuickTime, Apple Software Update, Internet Explorer, Windows Media Player, Excel 2010 and even some anti-virus software are said to be among the 31 programs that are affected.

How to protect yourself?
• Block inbound traffic to TCP 139 and TCP 445.
• Apply applicable and up-to-date software patches from vendors. Scan for vulnerabilities and update patches using SecPod Saner.
• Use strong passwords, so they are not easily cracked by brute force.

We will let you know once Microsoft releases a patch or an update on SMB. Watch this space for more!
