Patch now before hackers hit

IT managers need to take immediate steps to prevent a potential mass malicious-code attack, research firm Gartner is warning. It is advising firms to apply a recently-released Microsoft security patch as quickly as possible as it believers hackers are planning to attack the vulnerability.

  • E-Mail
By  Peter Branton Published  June 23, 2005

IT managers need to take immediate steps to prevent a potential mass malicious-code attack, research firm Gartner is warning. It is advising firms to apply a recently-released Microsoft security patch as quickly as possible as it believers hackers are planning to attack the vulnerability. The vulnerability is based on a critical flaw that Microsoft released a patch for last month (see IT Weekly 25 June – I July 2005) related to the Windows Server Message Block (SMB) Protocol. The SMB protocol is used by the Windows platform to share files, printers, serial ports and communications with other computers. The flaw could potentially allow malware writers to execute code on machines throughout the network. Security firms have registered increased scanning activity on TCP Port 445, which is associated with the SMB protocol. Gartner believes this could mean that hackers have already “reverse-engineered” the security patch and are now looking for vulnerable machines to attack. “The apparent increase in ‘sniffing’ on Port 445 is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack,” the firm said in an online advisory. It is recommending that IT managers accelerate their efforts to ensure that all Windows systems are patched and implement shielding or other workarounds until patching is done. Firms should also review their firewall policies to ensure that Port 445 access is blocked wherever possible, it said. Port 445 is one of the commonly targeted ports, according to security firms, so many organisations are already likely to have policies in place to prevent access to it. Companies that have installed Windows XP Service Pack 2 are also likely to be safe as it turns off access to Port 445 by default.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code