Disable, or plan to disable, SMBv1

SMBv1 is s deprecated protocol, replaced by SMBv2 and SMBv3.

A vulnerability in SMBv1, which was patched in MS17-010, has been exploited by Petya ransomware to propagate itself within a network.

Another vulnerability in SMBv1 can crash a server. Microsoft will not be patching this vulnerability.


How do you disable SMBv1? You want to use group policies. While a registry modification would work, you want group policy to enforce the change on any systems which may have been missed, any new systems, and any unsupported maintenance.


What products still require SMBv1? Windows prior to Vista (including Windows XP) and a variety of third party products:



Additional products may be discovered when Microsoft disables SMBv1 by default on new builds of Windows 10.



Comments are closed.