A recent surge in port 445 scanning activity could herald impending hack
attacks, and industry experts have warned firms to take "immediate steps" to
ensure that the affected Windows ports are secure.
Gartner pointed to recent reports that security vulnerability sensors have
noted an increase in activity on TCP port 445, which is associated with
Microsoft's Windows Server Message Block (SMB) protocol.
"The apparent increase in 'sniffing' on port 445 is a serious concern for
enterprise security managers because it may indicate an impending mass
malicious-code attack."
According to Gartner, the rise in port 445 activity may indicate that, in the
week since Microsoft released the Windows patch, hackers
have reverse-engineered the vulnerability and developed exploit code which could
be used to launch a mass attack via the widely used SMB protocol.
The analyst firm urged companies to accelerate their efforts to ensure that
all Windows systems are patched. If it is not practical immediately to patch
systems firms should implement shielding or other "workarounds" until patching
is complete.
It is also advisable for Windows users to review all
firewall policies, including those covering personal
firewall software, to ensure that port 445 access is blocked wherever possible.
Gartner further advised companies to update all intrusion
prevention system filters, both network-based and host-based, to block
attempts to exploit this vulnerability.
Do you agree?
Have your say on this article