What is Microsoft-DS? How vulnerable is Microsoft-DS?
I heard that Microsoft-DS is a port that is commonly used by hackers to hack computers it can transfer files. I want to know how do they transfer file with Microsoft-DS? Do they need an exploit to let the malware run?
Microsoft-DS is the name given to port 445 which is used by SMB (Server Message Block). SMB is a network protocol used mainly in Windows networks for sharing resources (e.g. files or printers) over a network. It can also be used to remotely execute commands. You use it basically every time you use Windows to access a file share, a printer, or any other resource located on the network. Over time, there were a lot of vulnerabilities found in the SMB implementation of Windows, some of which allowed for execution of arbitrary commands over the network, partly without any authentication. Also very common are weak configurations of SMB in networks that provide an easy attack surface. Together these points lead to SMB being a major attack point. An open-source implementation of SMB exists with the name of Samba, which is commonly used to easily use Linux and Windows together in a network.
What is the Microsoft-ds service?
Port 445 (Microsoft-DS) is a very active port on machines running Win2k and newer. It is used for the same functions that port 139 was used for on NT 4 and Win9x machines. This was basically NetBIOS over TCP/IP and SMB/CIFS traffic. Win2k and newer can also still use port 139 and most often use both ports 139 and 445. Ports 445 and 139 are used for TCP session establishment and file/printer sharing traffic. Port 445 is also used for communications between Win2k domain controllers and other servers. I'm pretty sure that Microsoft-ds, or ms-ds as you'll also see it, refers to directory services.