Download the authoritative guide: Cloud Computing 2018: Using the Cloud to Transform Your BusinessAnalysts are warning of a possible TCP Port attack after detecting a surge in sniffing on Port 445, which is the port associated with a recently patched Microsoft flaw.
Gartner, Inc., a major industry analyst firm based in Stamford, Conn., has issued an alert, saying the increased scanning activity may signal an impending malicious code attack exploiting a critical Windows vulnerability.
The flaw was connected to the Microsoft Windows Server Message Block (SMB) Protocol, which is associated with Port 445. The port could be used to exploit the Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability (MSO5-27). A patch for the bug was released on June 14.
''The Port 445 activity may indicate that -- in the week since Microsoft released the Windows patch -- attacks have reached the fourth state in this process and may be preparing a mass attack, employing the widely used SMB protocol,'' Gartner analysts warned in a written statement.
A spokesperson for Symantec Corp., an anti-virus and anti-spam company, says researchers at Symantec's DeepSight Network detected the surge in sniffing last week. In the last several days, the surge has started to drop off, however.
Windows 2000 and Windows XP use TCP Port 445 to run SMB directly over TCP/IP to manage activities such as file sharing and communication between computers.
Analysts are advising users to make sure that all flaws are patched.