A flaw in Microsoft Corp.'s implementation of the SMB protocol, as outlined in MS05-027, could soon be used to conduct an impending mass malicious code attack targeting Windows, it has been suggested. Evidence for this seems to come from what has been called an "ominous increase in sniffing activity on TCP Port 445" which has been discovered by Symantec Corp.'s DeepSight Network. Exploits may have already been created for MS05-027, and could be on their way very soon in the form of a mass malware attack.
John Pescatore, VP of security research at Gartner Inc., said the reports of increased sniffing on Port 445 are a "serious concern for enterprise security managers" because such activity usually means a mass attack is imminent.
"Such attacks typically follow a highly predictable timeline," Pescatore said, warning that attackers have in the past reverse-engineered patches to create exploit code or widespread circulation.
You should seriously consider applying the update for MS05-027 (available here) and should also consider taking action to block TCP Port 445 by use of a firewall. Additionally, you should seek to apply all relevant security updates to your Windows system by use of the Windows update site, and you should install and keep up to date good anti-virus software. Be warned, this one might turn out to be nasty!