NTA Monitor

Latest News

Finance industry faces serious IT security issues

23rd June 2008 The finance industry needs to keep its eye on the small change as well as the bigger picture of its security vulnerabilities Read More

Retail sector faces serious IT security issues

23rd June 2008 The retail sector needs to set out its stall and ring the changes in its security vulnerabilities if it is to avoid the potential for hackers to gain unauthorised system access and disrupt service availability Read More

IT managers have more security headaches to deal with

11th May 2008 NTA Monitor's 2008 Annual Security Report has revealed that the average number of vulnerabilities found per test have increased to 21 compared with 19 in 2007 Read More

Solutions not excuses for patch management warns NTA Monitor

23rd April 2008 Patch management is a vital security requirement for any organsation Read More
Date: 30th June 2005
Risk: Informational

A recent surge in port 445 scanning activity could herald impending hack attacks, and industry experts have warned firms to take "immediate steps" to ensure that the affected Windows ports are secure.

Gartner pointed to recent reports that security vulnerability sensors have noted an increase in activity on TCP port 445, which is associated with Microsoft's Windows Server Message Block (SMB) protocol.

"This port could be used to exploit the Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability (MS05-027), a critical flaw for which Microsoft released a patch on 14 June, " warned John Pescatore, vice president and research fellow at Gartner Research.

"The apparent increase in 'sniffing' on port 445 is a serious concern for enterprise security managers because it may indicate an impending mass malicious-code attack."

According to Gartner, the rise in port 445 activity may indicate that, in the week since Microsoft released the Windows patch, hackers have reverse-engineered the vulnerability and developed exploit code which could be used to launch a mass attack via the widely used SMB protocol.

The analyst firm urged companies to accelerate their efforts to ensure that all Windows systems are patched. If it is not practical immediately to patch systems firms should implement shielding or other "workarounds" until patching is complete.

It is also advisable for Windows users to review all firewall policies, including those covering personal firewall software, to ensure that port 445 access is blocked wherever possible.

Gartner further advised companies to update all intrusion prevention system filters, both network-based and host-based, to block attempts to exploit this vulnerability. Affected Software:

Non-Affected Software: Win98, Win98 SE, and Win ME

References

http://www.vnunet.com/vnunet/news/2138515/mass-hack-attacks-targets-port