MS10-020 SMB Client Update
Today Microsoft released MS10-020, which addresses several vulnerabilities in the Windows SMB client. This blog post provides additional details to help prioritize installation of the update, and understand the attack vectors and mitigations that apply.

Client-side vulnerabilities

The first thing to realize is that this update addresses vulnerabilities in the SMB client in Windows. Since these are client-side issues, systems that provide SMB server services, such as file and print servers, are not at risk. Typically, machines that act as SMB clients are Windows client machines, not server machines. However, it is possible for a Windows server machine to also act as an SMB client, and depending on the server role and software being used it may be a common scenario. For example:

- Terminal Server scenarios
- Logging on to a server as an administrator and accessing files on the network
- Servers that mirror content from another SMB server

Attack vectors

Unlike server-side vulnerabilities, an attacker cannot simply scan for vulnerable systems and then open connections to attack targets. For an attacker to exploit any of these issues they would have to force an SMB client to make a connection to a malicious server. In general this kind of attack is done in several ways:

- E-mail containing links to external web or file servers. The attacker lures the target into clicking a link and visiting the malicious server.
- Similar to above, but with messages sent via instant-messenger or social-networking services.
- HTML e-mail or web pages containing embedded links to malicious file servers. With some applications, these links may be automatically visited without user interaction.

In all cases, for an attacker on the Internet to be able to exploit these vulnerabilities, the target client machine must be able to make an outbound SMB connection to the malicious server. Firewall best practices recommend blocking outbound and inbound SMB traffic (TCP ports 139 and 445) at the perimeter firewall, preventing this attack from succeeding.

That leaves attacks originating from inside the local network (a.k.a. the intranet), either from a malicious user on the network, or from a compromised machine that is being used as a pivot to reach other targets. In some cases, it may be possible for an attacker on the intranet to hijack legitimate SMB client connections for the purpose of carrying out attacks.

Mitigations

As explained above, the best mitigation against attacks coming from outside the network perimeter is to block inbound and outbound SMB traffic at the edge firewall. This will prevent attackers on the Internet from being able to lure client machines into connecting to them.

Blocking attacks from the intranet is harder. The best solution is to apply the security update. Other steps that can be taken to reduce risk are to enable SMB signing, so that malicious SMB servers will not be able to establish communication with target clients.

- Mark Wodrich, MSRC Engineering

Posting is provided AS IS with no warranties, and confers no rights.
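To check that the perimeter block on TCP 139 and 445 described above is actually in effect, flow or firewall logs can be audited for internal clients reaching external SMB servers. The following is an added example, not part of the original post; the log line format, the internal address ranges and the sample records are constructed assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # TCP ports the article says to block at the perimeter

# Assumption: these ranges are "inside the perimeter"; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse 'timestamp proto src:sport dst:dport action' (constructed format)."""
    ts, proto, src, dst, action = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "proto": proto.lower(), "src": src_ip,
            "dst": dst_ip, "dport": int(dst_port), "action": action.upper()}

def outbound_smb(lines):
    """Flows where an internal host tried to reach an external SMB server."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        if (f["proto"] == "tcp" and f["dport"] in SMB_PORTS
                and is_internal(f["src"]) and not is_internal(f["dst"])):
            hits.append(f)
    return hits

def egress_gaps(lines):
    """Outbound SMB flows the perimeter allowed, i.e. the block is missing."""
    return [f for f in outbound_smb(lines) if f["action"] != "DENY"]

# Constructed sample records; external hosts use documentation address ranges.
SAMPLE = """\
# ts proto src dst action
2010-04-13T09:00:01 tcp 10.1.2.3:49152 10.1.9.9:445 ALLOW
2010-04-13T09:00:05 tcp 10.1.2.3:49153 203.0.113.7:445 ALLOW
2010-04-13T09:00:09 tcp 192.168.4.20:49154 198.51.100.4:139 DENY
2010-04-13T09:00:12 tcp 10.1.2.3:49155 203.0.113.7:443 ALLOW
2010-04-13T09:00:15 udp 10.1.2.3:137 203.0.113.7:445 ALLOW
""".splitlines()

if __name__ == "__main__":
    for f in egress_gaps(SAMPLE):
        print(f'EGRESS GAP: {f["src"]} -> {f["dst"]}:{f["dport"]} at {f["ts"]}')
```

Intranet-to-intranet SMB is deliberately ignored here, since the article notes that traffic cannot be blocked at the edge and has to be covered by the update and SMB signing.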