Microsoft refused to fix SMB vulnerability

Microsoft won’t fix a vulnerability in the Server Message Block (SMB) file sharing protocol that affects all versions of the Windows operating system.

A vulnerability called SMBLoris, revealed late last week at DEF CON (one of the world’s largest hacker conventions), won’t be fixed because Microsoft says the service should be firewalled off from the internet anyway.

“SMBLoris is a remote and uncredentialed denial of service attack against Microsoft® Windows® operating systems, caused by a 20+ year old vulnerability in the Server Message Block (SMB) network protocol implementation.”

“The vulnerability is in all modern versions of Windows, at least from Windows 2000 through Windows 10. Systems are still vulnerable even if all versions of SMB (1, 2, and 3) are disabled.”

The flaw enables an attacker to open a connection to a remote machine through the SMB protocol and make that computer allocate RAM to handle the connection.

The vulnerability is critical because it enables an attacker to open thousands of connections to the same computer, exhausting its RAM and likely crashing the machine.
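The article's two points, that each held-open SMB connection costs the server memory and that SMB should not be reachable from the internet, translate directly into a cheap operational check. The following script is an added example written for this page, not code from the article, from the researchers or from Microsoft: it reads a Windows `netstat -an`-style connection table, counts concurrent sessions to the local SMB port per remote address, and reports any source that exceeds a threshold, noting whether that source lies outside the trusted internal networks. The threshold, the trusted network list and the sample rows are assumptions made for the example.

```python
"""Spot remote hosts holding an unusual number of connections to TCP/445.

Added example (not from the original article). A denial of service that
works by holding open many SMB connections shows up in the connection
table as one remote address with far more simultaneous sessions to port
445 than any legitimate client needs. The netstat-style input format, the
alert threshold and the trusted network ranges below are assumptions.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

SMB_PORT = 445
# Assumed alert threshold for this example; tune it to the environment.
MAX_CONNS_PER_SOURCE = 50
# Connection states that tie up server-side resources.
ACTIVE_STATES = {"ESTABLISHED", "SYN_RECEIVED"}
# Assumed internal ranges; anything outside them is treated as internet-side.
TRUSTED_NETS = [ip_network("10.0.0.0/8"),
                ip_network("172.16.0.0/12"),
                ip_network("192.168.0.0/16")]


def parse_netstat(text):
    """Parse 'Proto Local Foreign State' rows (Windows netstat -an layout).

    Returns (local_port, remote_ip, state) tuples. Non-TCP rows (UDP has
    no state column) and malformed rows are skipped; IPv6 rows written as
    [addr]:port are handled by splitting on the last colon.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue
        local, remote, state = parts[1], parts[2], parts[3].upper()
        try:
            local_port = int(local.rsplit(":", 1)[1])
            remote_ip = remote.rsplit(":", 1)[0].strip("[]")
            ip_address(remote_ip)  # validates the address
        except (IndexError, ValueError):
            continue
        rows.append((local_port, remote_ip, state))
    return rows


def count_smb_sources(rows):
    """Count active connections to the local SMB port per remote address."""
    return Counter(
        ip for local_port, ip, state in rows
        if local_port == SMB_PORT and state in ACTIVE_STATES
    )


def is_external(ip):
    """True when the address is outside every trusted internal network."""
    addr = ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)


def find_suspicious(rows, threshold=MAX_CONNS_PER_SOURCE):
    """Return {remote_ip: {"count": n, "external": bool}} for sources
    holding more than `threshold` concurrent SMB sessions."""
    return {
        ip: {"count": n, "external": is_external(ip)}
        for ip, n in count_smb_sources(rows).items()
        if n > threshold
    }


def build_sample():
    """Constructed connection table: two ordinary internal clients, one
    unrelated RDP session, a UDP row, and one internet-side source
    holding 60 sessions to port 445."""
    lines = [
        "  TCP    10.0.0.5:445     10.0.0.23:51022    ESTABLISHED",
        "  TCP    10.0.0.5:445     10.0.0.24:51107    ESTABLISHED",
        "  TCP    10.0.0.5:3389    10.0.0.23:51200    ESTABLISHED",
        "  UDP    0.0.0.0:137      *:*",
    ]
    lines += [
        f"  TCP    10.0.0.5:445     203.0.113.9:{40000 + i}   ESTABLISHED"
        for i in range(60)
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    findings = find_suspicious(parse_netstat(build_sample()))
    for ip, info in findings.items():
        where = "internet-side" if info["external"] else "internal"
        print(f"{ip} ({where}): {info['count']} concurrent SMB sessions")
```

On a live host the same functions can be fed the output of `netstat -an`; an external source over the threshold is both a detection signal and evidence that the firewall rule Microsoft points to is missing.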

After several reviews, Microsoft said it doesn’t regard this issue as a security bug. That means the company refused to fix it in an urgent security update, but it acknowledged that it is a bug and said it will be patched in a future update.
