Server Message Block Potential Exploit

VUIT Security Advisory: Potential Exploit of Server Message Block (SMB)

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use any version of Microsoft Windows, a Microsoft server or Samba.

US-CERT has issued an advisory in response to a public report of a potential Server Message Block (SMB) vulnerability. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.

All administrators are advised to discontinue using SMBv1 and to disable client support on end-user systems.
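
One way to carry out this recommendation on a Windows host, as an added example that is not part of the VUIT advisory. It uses the server cmdlets and client `sc.exe` commands from the Microsoft support article listed under Sources and References. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, and the function name `Disable-Smb1` is hypothetical.

```powershell
# Added example; the function name Disable-Smb1 is hypothetical.
# Requires an elevated session on Windows 8 / Server 2012 or later.
function Disable-Smb1 {
    param([switch]$Apply)   # without -Apply the function only reports

    # Server side: is the SMB server still willing to speak SMBv1?
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Which connected clients negotiated an SMB 1.x dialect? These would
    # lose access once SMBv1 is off, so review them first.
    $legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
        Select-Object ClientComputerName, ClientUserName, Dialect)

    # Client side: the SMBv1 redirector driver and its start type
    # (4 = disabled). The key is absent if the driver is not installed.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $clientStart = if (Test-Path $key) { (Get-ItemProperty $key).Start } else { $null }

    [pscustomobject]@{
        ServerSmb1Enabled = $serverOn
        Smb1Sessions      = $legacy
        ClientDriverStart = $clientStart
    }

    if (-not $Apply) { return }

    if ($serverOn) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($null -ne $clientStart -and $clientStart -ne 4) {
        # Remove the workstation service's dependency on the SMBv1 driver,
        # then disable the driver. Takes effect after a reboot.
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
        sc.exe config mrxsmb10 start= disabled
    }
}

Disable-Smb1            # audit only
# Disable-Smb1 -Apply   # apply the change after reviewing the report
```

Any hosts listed under `Smb1Sessions` are still negotiating SMBv1 and will lose access once it is disabled, so upgrade or reconfigure them first.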

VUIT has implemented protections at the perimeter firewall and will continue to monitor this situation closely.

For additional information, contact VUIT Incident Response at VUIT.Incident.Response@vanderbilt.edu.

Sources and References:
https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices/
https://support.microsoft.com/en-us/help/204279/direct-hosting-of-smb-over-tcp-ip/
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012/
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/