What is it?

Server Message Block (SMB), also called Common Internet File System (CIFS), allows Microsoft Windows computers to share files, serial ports and printers across a network. SMB uses ports 139 or 445. The UpGuard link below provides background on the protocol and how it works.

Why is it a risk?

Version 1.0 of SMB contains a bug that can be used to take control of a remote computer. The US National Security Agency (NSA) developed an exploit (called “EternalBlue”) for this vulnerability, which was subsequently leaked. In 2017, the “WannaCry” ransomware used the exploit to hold numerous companies, hospitals and government computer systems for ransom. The TechCrunch blog entry linked below tells the story and points out that many systems are still unpatched.

How can you mitigate the risk?

The best approach is to use firewall rules to keep SMB from crossing the Internet: either disallow all traffic on ports 135-139 and 445, or limit access to specific IP addresses or MAC addresses.
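One way to check a rule set against that advice, as an added example that is not part of the original article: the script below flags inbound allow rules that expose ports 135-139 or 445 to any source outside an allowlist. The rule dictionary format, the rule names and the allowlisted network are constructed for illustration and are not tied to any particular firewall product.

```python
import ipaddress

# Ports the article says to block or restrict: 135-139 and 445.
SMB_PORTS = set(range(135, 140)) | {445}

def parse_ports(spec):
    """Expand a port spec such as '135-139,445' or 'any' into a set of ints."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def source_allowed(source, trusted):
    """True if the rule's source lies entirely inside an allowlisted network."""
    if source.strip().lower() == "any":
        return False
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit(rules, allowlist):
    """Return (rule name, exposed SMB ports) for risky inbound allow rules."""
    trusted = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["direction"] != "in":
            continue
        exposed = sorted(parse_ports(r["ports"]) & SMB_PORTS)
        if exposed and not source_allowed(r["source"], trusted):
            findings.append((r["name"], exposed))
    return findings

# Constructed sample rules (not taken from any real firewall export).
SAMPLE_RULES = [
    {"name": "web", "direction": "in", "action": "allow", "ports": "80,443", "source": "any"},
    {"name": "legacy-share", "direction": "in", "action": "allow", "ports": "445", "source": "any"},
    {"name": "branch-office", "direction": "in", "action": "allow", "ports": "135-139,445", "source": "203.0.113.0/28"},
    {"name": "low-ports", "direction": "in", "action": "allow", "ports": "1-1024", "source": "198.51.100.7"},
    {"name": "block-smb", "direction": "in", "action": "deny", "ports": "135-139,445", "source": "any"},
]
ALLOWLIST = ["203.0.113.0/24"]  # constructed: networks permitted to reach SMB

if __name__ == "__main__":
    for name, ports in audit(SAMPLE_RULES, ALLOWLIST):
        print(f"{name}: SMB ports {ports} open to a non-allowlisted source")
```

The audit looks at each rule on its own and does not model rule ordering, so a finding marks a rule for review. Wide ranges such as `1-1024` are flagged because they include the SMB ports even though the rule never names them.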

Keeping your Microsoft Windows server operating system up to date or patched is good practice. If you have a current Microsoft service account, you can update to the latest version. If not, you can still apply patches that address specific vulnerabilities; see the link below.

Resources:

UpGuard What is an SMB Port
https://www.upguard.com/blog/smb-port

TechCrunch history of WannaCry
https://techcrunch.com/2019/05/12/wannacry-two-years-on/

Microsoft Updates (requires Internet Explorer)
https://update.microsoft.com
