adv

The ancient Microsoft networking protocol at the core of the latest global malware attack

Another day, another global malware attack made possible by a Microsoft security hole. Once again, attackers used hacking tools developed by the U.S. National Security Agency (NSA), which were stolen and subsequently released by a group called Shadow Brokers.

This time around, though, the late-June attack apparently wasn’t ransomware with which the attackers hoped to make a killing. Instead, as The New York Times noted, it was likely an attack by Russia on Ukraine on the eve of a holiday celebrating the Ukrainian constitution, which was written after Ukraine broke away from Russia. According to the Times, the attack froze “computers in Ukrainian hospitals, supermarkets, and even the systems for radiation monitoring at the old Chernobyl nuclear plant.” After that, it spread worldwide. The rest of the world was nothing more than collateral damage.

NSA bears a lot of responsibility

The NSA bears a lot of responsibility for this latest attack because it develops these kinds of hacking tools and frequently doesn’t tell software makers about the security holes they exploit. Microsoft is one of many companies that have beseeched the NSA not to hoard these kinds of exploits. Brad Smith, Microsoft’s president and chief legal officer, has called on the NSA “to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits” and stop stockpiling them.

Smith is right. But once again, a global malware attack exploited a serious insecurity in Windows, this time a nearly 30-year-old networking protocol called SMB1 that even Microsoft acknowledges should no longer be used by anyone, anywhere, at any time.

First, a history lesson. The original SMB (Server Message Block) networking protocol was designed at IBM for DOS-based computers nearly 30 years ago. Microsoft combined it with its LAN Manager networking product around 1990, added features to the protocol in its Windows for Workgroups product in 1992, and continued using it in later versions of Windows, up to and including Windows 10.

Clearly, a networking protocol designed originally for DOS-based computers, then combined with a nearly 30-year-old networking system, is not suitable for security in an internet-connected world. And to its credit, Microsoft recognizes that and is planning to kill it. But a lot of software and enterprises use the protocol, and so Microsoft hasn’t yet been able to do it in.



Comments