Insecure Service
SMB Service Availability to Internet or Other Unauthorized Users
TCM-KB-EXT-001
Last Updated: 6/26/2023
Microsoft Windows Server
The recommended remediation steps and configurations described in this response would primarily affect systems running Microsoft Windows Server.
SMB
SMB refers to Server Message Block.
A small message block refers to a compact unit of data transmission used in communication protocols. It typically contains a limited amount of information, such as a command, status update, or a small portion of a larger message, allowing for efficient and rapid exchange of data between devices or systems.
Contributor
Joe Helle
Chief Hacking Officer
Recent Blogs
Find and Exploit Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...
Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques
Server-Side Request Forgery (SSRF) is a vulnerability that let’s an attacker have a server make requests on their behalf. Typically this can allow the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
Understanding and Hacking GraphQL: Part 1
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
XPath Injection: A Beginners Guide
Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application's user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized access to...
Do I Need to Learn Linux?
Learning Linux can be valuable for individuals who want to become ethical hackers or offensive security specialists. Find out why Linux is good to learn.
Issue
The SMB service on the domain-joined endpoint is available to the Internet. This could permit information disclosure of internal network identities (i.e., fully-qualified domain names of internal domains) and accessibility of an external entry point for brute force attacks.
Recommended Remediation
The following outlines the recommended steps that the systems and network administrators should take in order to secure the environment.
Utilizing a user account with administrative privileges, open Windows Defender Firewall with Advanced Security.
Right-click inbound Rules and select New Rule.
In the Rule Type window, click Port and select next.
Select the TCP option, and below, the Specific local ports option. Enter ports 135, 139, 445 and click Next.
On the next screen, select Block the connection and press Next.
In the next window, deselect Domain and Private, and select Public. If you prefer to only allow domain-connected devices to access the SMB service, deselect only Domain, and select Private and Public. Press Next when complete.
In the next window, specify a name for the new firewall rule, and enter a description if desired. Press Finish when complete.
Sample Pentest Report
See The Results We Can Deliver To You. No Email Required.
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.