Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL http://www.kb.cert.org/vuls/id/672268
It seems that it can be prevented by blocking outbound from ports 139 and 445 as described here: http://blog.trendmicro.com/trendlab...iving-dead-the-redirect-to-smb-vulnerability/
SMB has all of the same problems on NT systems as NETBIOS did on earlier systems. Unfortunately, port 445 is used for more than one purpose. See Microsoft Directory Services. More info on port 445 at https://www.grc.com/port_445.htm. Traffic for this port needs to be blocked in both directions. The port can be completely closed on XP with some work. No idea if it's possible to completely close this port on Vista and newer.
On W7HP... After disabling NETBIOS over TCP/IP via Network Adapter settings, the user needs to do one more thing to complete the partially blocked port 445 sequence. Control Panel - Device Manager (Show hidden devices)... /Non-Plug and Play Drivers / NETBT > Properties > Driver tab > Stop it and change Type from 'System' to 'Disabled'. Windows Services... Disable the "Server" service... done, port 445 patched. The above was taken from http://hardenwindows7forsecurity.com/Harden Windows 7 Home Premium 64bit - Standalone.html P.S.: I have 95 Windows Services disabled.
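The outbound-port block from the Trend Micro advice and the NETBT/Server-service steps above can be applied and checked from an elevated PowerShell prompt. The script below is an added example and is not from this thread or the hardenwindows7forsecurity.com page; it assumes a standalone Windows 7 or later home PC that does not need to reach file shares, printers, or a domain controller over SMB, since the egress block and the disabled Server service will break those. netsh is used for the firewall rule so it also works on Windows 7, and WMI is used for the service check because the StartType property is only available in newer PowerShell versions.

```powershell
# Added example (not from the thread): apply and verify the SMB hardening steps
# discussed above. Run elevated. Assumes a standalone home PC with no need for
# SMB file/print access; the outbound block and disabled Server service will
# break those if they are needed.
$ErrorActionPreference = 'Stop'

# 1. Block outbound SMB / NetBIOS-session traffic at the host firewall
#    (TCP 139 and 445), so a file:// redirect cannot reach a remote SMB listener.
netsh advfirewall firewall add rule name="Block outbound SMB 139-445" `
    dir=out action=block protocol=TCP remoteport=139,445 | Out-Null

# 2. Disable NetBIOS over TCP/IP on every IP-enabled adapter.
#    SetTcpipNetbios: 0 = use DHCP setting, 1 = enable, 2 = disable.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { [void]$_.SetTcpipNetbios(2) }

# 3. Stop the NetBT kernel driver and set its start type to Disabled,
#    the same change the post makes via Device Manager > NETBT > Driver tab.
sc.exe stop NetBT | Out-Null
sc.exe config NetBT start= disabled | Out-Null

# 4. Stop and disable the Server service (LanmanServer), which owns the
#    inbound listener on TCP 445. -Force also stops dependent services.
Stop-Service -Name LanmanServer -Force
Set-Service -Name LanmanServer -StartupType Disabled

# 5. Verify. The NetBT driver only fully releases after a reboot, so a
#    remaining listener on 445 right after this script is expected.
$listening = netstat -ano | Select-String ':445\s' | Select-String 'LISTENING'
if ($listening) { Write-Warning "Port 445 still has a listener (reboot to clear):`n$listening" }
else            { Write-Output 'Port 445: no listener' }

# Service state via WMI (works on Windows 7 / PowerShell 2.0 as well).
Get-WmiObject -Class Win32_Service -Filter "Name='LanmanServer'" |
    Select-Object Name, State, StartMode

# Driver start type from the registry: 4 means Disabled.
$netbtStart = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT').Start
Write-Output "NetBT Start value: $netbtStart (4 = Disabled)"

# Confirm the firewall rule exists.
netsh advfirewall firewall show rule name="Block outbound SMB 139-445"
```

Reboot after running it and re-run the verification section; if anything on the LAN (NAS, printer, another PC's shares) stops working, the outbound rule and the Server service are the two changes to revisit.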
Is a home user vulnerable to this exploit unless the above conditions are met? How would a home user be communicating on an untrusted network? And how would a home user's network be compromised? ---- rich
Well, perhaps I didn't understand it correctly, but it doesn't seem to be easily exploitable; you need to perform a MITM attack, not something that I have to worry about when I'm at home. http://blog.cylance.com/redirect-to-smb
When you consider what a home network can include, it may be easier to create those conditions than most would realize. That home network often includes cellphones utilizing wireless routers and a growing list of IoT devices, most of which didn't make security a design consideration. Combine that with exploitable (if not outright backdoored) routers and modems using weak default configurations connecting devices that use default-permit security policies. I'd suspect that the typical home network (not those of the average Wilders member) would be quite exploitable. For the average user, plugging their cellphone into their PC could easily be all that's required.
Good grief! I am so happy I "retired" from home consulting a couple of years ago. How can anyone work with a maze* like that! *maze 1. a confusing network of intercommunicating paths or passages; 2. any complex system or arrangement that causes bewilderment, confusion, or perplexity; ---- rich
At one time, I was exploring the idea of a remote administration service for home users and their equipment. In hindsight, I'm so glad that I gave it up. Except for a few friends who have some common sense, I want nothing to do with maintaining equipment for other users any more. It's just not worth the headache.