New SMB Vulnerability Could Allow DoS Attack

Researchers Sean Dillon and Sach Harding discovered a new Server Message Block (SMB) protocol vulnerability, dubbed "SMBLoris," while studying the EternalBlue SMB exploit used in the recent WannaCry and Petya incidents. This vulnerability could allow a threat actor with a single machine and low bandwidth to consume the targeted server’s memory and CPU resources, causing a denial-of-service (DoS) condition. The vulnerability was reported to Microsoft in June, but was considered of “moderate impact” and not a security breach; there is currently no patch available. The NJCCIC recommends users and administrators who require the SMB protocol to be enabled on their networks review theInternet Storm Center and Threatpost articles and use a packet filter, such as a firewall, to limit the number of connections allowed from a single source to servers over port 445.