NetBIOS over the Internet
Impact
This vulnerability allows malicious users to access files in any exported, mounted
file system. In other words, this vulnerability allows hackers to delete or change
files found on a mounted file system.
Background
This vulnerability is identical to the Unrestricted NFS Access vulnerability.
SMB stands for Server Messaging Block, and is the Windows
equivalent to Sun's NFS, or Network File System. It allows
for the sharing of file systems over a network using the NetBios
protocol. Shared file systems act as drives and look, for all practical
purposes, like file systems local to a user's machine (local drives).
Microsoft has used SMB as its main networked file system
protocol since Windows NT 3.5.
The Problem
This vulnerability allows hackers to access all files found on any
exported, mounted file systems. Furthermore, if the exported file systems
are not properly configured, malicious users are able to access them without
needing a password.
Resolution
The resolution to this vulnerability is to disable the NetBIOS over the Internet
service. This service may be disabled by accessing it through the
Network Properties dialog boxes in the Control Panel.