Security News Nearly One Million Systems Provide "Guest" SMB Access, Most Are Linux

[LASER_oneXM]

....some quotes from the article:

Over 2.2 million devices running outdated SMBv1
Going back to the big picture, of the 2,306,820 devices running open SMB ports, 96% — or over 2.2 million devices — support SMBv1.

This first version of the SMB file sharing protocol is over three decades old and known to be vulnerable to many security bugs.

ETERNALBLUE, the exploit used by the WannaCry ransomworm to spread to new PCs, uses SMBv1.

Microsoft told Bleeping Computer two days ago it plans to disable SMBv1 for all new Windows clean installs, starting this fall.

There are 2,306,820 devices connected to the Internet at the moment that feature open ports for SMB services, the same protocol that was used to infect hundreds of thousands of computers with the WannaCry ransomworm a month ago.

Of these, 42%, or nearly 970,000, provide "guest" access, meaning anyone can access data shared via the SMB file-sharing protocol without needing to provide authentication.

The exploits used by WannaCry didn't necessarily need guest access, but only that the system be connected to the Internet. Providing guest access opens the machine to less complex exploits.

According to Shodan founder John Matherly, who compiled these numbers over the past few days, of these nearly one million SMB devices with guest access, 90% are running Samba, a Linux file sharing application that provides interfacing with SMB services on Windows.

Both Windows and Samba come with SMB guest access disabled by default, which means that device administrators are intentionally enabling this feature. Matherly points out that almost half of the devices that have Samba SMB guest access enabled are located on the network of Etisalat, a large ISP in UAE.