In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.
While Microsoft has made many security improvements in recent years, the recent warning about Windows SMB v1 shows that the software giant's past can occasionally come back to haunt users.
A security advisory was issued last week by US-CERT regarding a potential vulnerability in version 1 of Windows' Server Message Block (SMB) protocol. The advisory followed reports about the Shadow Brokers group, which claimed to have more "cyber weapons" for sale, including an undisclosed zero-day exploit for Windows SMB. The Shadow Brokers claimed last year to have hacked the Equation Group, an advanced persistent threat group tied to the National Security Agency, and to have put up a collection of zero-day vulnerabilities and exploits for sale to the public.
While the vulnerability for Windows SMB was unconfirmed, US-CERT recommended that enterprises take steps to protect themselves, including disabling SMB v1 and blocking all versions of Windows SMB at the network boundary. But because the aging SMB v1 is still included -- and even enabled by default, in some cases -- on many operating systems, like Windows 7, Windows Server 2012 and Windows 8/8.1, many users may be at risk and not even know it.
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss the Windows SMB security threat, what it means for enterprises and why the protocol is still in use, despite the fact that SMB v1 was created in the 1990s and SMB 3.0 is available today. They also discuss Windows 10 security improvements and how the OS was able to thwart some zero-day attacks before it was patched, as well as a controversial blog post from Microsoft about security risks for Windows 7.