NetBIOS resurrection

The ransomware incident is believed to related to a Microsoft Windows Vulnerability (MS17-010 – Critical) affecting Microsoft Windows SMB Server from Windows 2008 to Win7. The attack is on Microsoft Server Message Block 1.0 (SMBv1) server.

When I was an IT aduitor in banks, I always asked for justifications on using SMB services and opening of port 137. It is a standard hardening procedure to turn off NetBIOS. I would had thought after 10 years such procedures are still enforced.

The widespread of this attack may means the IT security industry and practitioners are too young to this dated protocol !


Leave a Reply