These Linux and Windows systems are similar in that both created remote concerns by having port 445 open on the perimeter. Samba is used to enable Linux devices, such as printers, to communicate with Windows systems, and it is a key element of interoperability between the operating systems.
It’s interesting that the Samba vulnerability (CVE-2017-7494) was announced soon after the WannaCry ransomware spread. While neither has anything to do with the other, seeing this vulnerability just cements the urgent need for IT security to move back to the fundamentals.
Both vulnerabilities raise the concern of remote execution when the systems are exposed to the internet and unpatched. Both also require a payload to be dropped in order to achieve their results. In the case of WannaCry, EternalBlue was used to power the malware; in the case of the Samba vulnerability, there was no known malware wrapped around the exploit.
This is a Security Bloggers Network syndicated blog post authored by Matthew Pascucci. Read the original post at: Frontline Sentinel