How to gain code execution through access to CIFS service on Windows?

Is it possible to gain code execution on a machine through access to CIFS service? And if so, how? In my case, I have a valid Kerberos TGS to CIFS service running on a host and I am able to copy and download files. I want to get a shell au…

VU#974272: Microsoft Outlook retrieves remote OLE content without prompting

When a Rich Text (RTF) email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker.

SMB/CIFS security in heterogeneous environment

Suppose I have several machines, both Linux and Windows, that I want to connect to each other for file sharing. Now I use the mount -cifs command with the vers=3.0 clause to access Windows shares from my Linux machines:

mount -t cifs -o credentials=/etc/credentials.cred,vers=3.0,uid=1000,gid=1000 //192.168.137.1/folder /media/folder

and I also use standard Windows SMB/CIFS functionality to access Linux shares from Windows 10. What bothers me is the efficiency of such a configuration.

I know that I can utilize encryption and signing in Windows, e.g. via Set-SmbServerConfiguration -RejectUnencryptedAccess $false, and I also know I can do this in Linux via smb.conf.

The question is: what is the most secure way to organize dual-way Samba sharing between Linux and Windows? Should I set up Linux as a server and Windows as client or vice versa?

It bothers me because of the recent ransomware epidemic and the impossibility of prohibiting SMBv1 in Windows in such a mixed heterogeneous landscape. When I turn off SMB/CIFS like this, my Linux boxes cannot access Windows boxes anymore.
