ANTI-HACK: the Redirect to SMB vulnerability

Hello friends, today we will solve the problem with the "Redirect to SMB" vulnerability that was discovered a few days ago and that affects all versions of Windows, including Windows 10.
The vulnerability relies on the naivety of Windows applications, which will readily try to log in to an SMB server. At that point the login data is sent out, and the attacker intercepts it for later decryption.
Warning!
Redirect to SMB is a vulnerability that affects many applications and even antivirus programs.
Some examples:
Adobe Reader, Apple QuickTime and Apple Software Update, Internet Explorer, Windows Media Player, Excel 2010, Symantec's Norton Security Scan, Free AVG, BitDefender Free, Comodo Antivirus, Box Sync, TeamViewer, etc.
Perhaps Microsoft will fix this vulnerability (Redirect to SMB) soon; unfortunately, only those with a legal copy of Windows will receive this patch.
Those with pirated Windows will have to manually configure some settings in the firewall to stop SMB traffic to the outside.
The SMB ports are TCP 139 and TCP 445.
More details about Redirect to SMB can be found on the cylance.com blog.
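
The firewall setting described above, written as a script. This is an added example, not taken from the tutorial: the rule name and the address ranges are assumptions, chosen so that outbound SMB to public addresses is blocked while shares on private (RFC 1918) networks keep working.

```powershell
# Added example: block outbound SMB (TCP 139 and 445) to the outside.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.
# On Windows 7 the equivalent rule (all remote addresses) can be created with:
#   netsh advfirewall firewall add rule name="Block outbound SMB" dir=out action=block protocol=TCP remoteport=139,445

$ruleName = 'Block outbound SMB (example)'   # hypothetical rule name
$smbPorts = 139, 445                         # the ports named in the article

# Firewall rules do nothing if the Windows Firewall service is stopped
# (a stopped or disabled service is what produces error 0x80070422).
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    throw "Windows Firewall service (MpsSvc) is $($svc.Status); start it first."
}

# Warn about profiles where the firewall is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall is disabled for the $($_.Name) profile; the rule will not apply there."
}

# Assumption: "outside" means public unicast IPv4 space (everything except
# 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) plus global IPv6 (2000::/3).
$outside = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-223.255.255.255',
    '2000::/3'
)

# Remove an earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound -Action Block -Protocol TCP `
    -RemotePort $smbPorts -RemoteAddress $outside -Profile Any | Out-Null

# Show what was actually stored, so the ports and addresses can be checked.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Get-NetFirewallPortFilter    | Format-List Protocol, RemotePort
$rule | Get-NetFirewallAddressFilter | Format-List RemoteAddress
```

Omitting `-RemoteAddress` blocks the two ports toward every destination, which also stops access to file shares on the local network.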


Cristian Cismaru: I like everything related to IT&C, I like to share the experience and information I accumulate every day. I'm learning to teach you!

View Comments (37)

  • for many of those with pirated Windows these settings will not work, because the firewall is turned off from the "factory" and when you start it, it gives you the error 0x80070422

    • You're talking nonsense. Most pirated copies of Windows are not modified.
      Modified copies of Windows are not at all popular on torrent sites; everyone is looking for the original, unmodified one. The only thing that makes it different from the original, from Microsoft, is how it is activated.

  • I think the problem is still not solved with the firewall, because the port on samba (smb), like those on apache, ftp and ssh servers, can be changed. It's just a temporary solution ... another solution must be found for this security bug

  • I have been following the video tutorials made by you for many years and I take this opportunity to thank you. I have the avast firewall and the Windows one deactivated. I checked the firewall settings of avast and noticed that it comes already set to block these ports, TCP 139 and TCP 445. So it seems that avast knew about this vulnerability before.

      • Cristi welcome
        My hunch is that only Windows Windows 8 8.1 10 not know it would be possible vulnerability as we have shown in this tutorial that I found in Windows 7 and remote settings every time you turn off and stop the services and remote (pc manage)
        Windows 8 times I found these settings (or maybe I did not know them yet keep looking a not quit)
        Again we all know that Windows comes with 8 Metro interface and there really a suspect be possible vulnerability for all applications in Metro with PC startup automatically logs
        Oh, I almost forgot, I ran into an oddity: when I open a Word document online it asks me for a username and password, but I had done the settings I listed above in Windows 7
        I guess if it does not make them automatically sign?
        thank you

  • these ports have been a problem for many years. it was discovered a long time ago. with exploits on 445 one gets in immediately, with activity recording and everything. it is solved with Windows Worms Doors Cleaner. (it had a dedicated menu ... well, it could be done from the firewall as well).
    the problem has calmed down since upc / rtc put in modems and since most people have routers.
    there are few cases where the network cable goes directly into the PC. now it goes through modems / routers, which route the public IP and are not in bridge mode. Not to mention how frequently the public IPs assigned by your ISP change.
    So: the problem solved itself.

    a more current problem would be the ONTs installed by RDS.
    I don't have one yet. I understood that the user has full access to their menu.
    there would be 2 accounts: user - limited in settings, and admin - for which RDS does not give the password to the subscriber. it must be stolen from the ONT configuration. I'm really sorry they haven't set it up yet and I'm going to fight it. :)
    whoever has one should make a tutorial.

  • Yes, as user stefan says, the ONT subject is topical! RCS-RDS has begun installing such equipment! I already have an ONT but do not know how it can be accessed! Maybe a tutorial is needed on ONT, fiber optics, etc.!
