Disable, or plan to disable, SMBv1

SMBv1 is s deprecated protocol, replaced by SMBv2 and SMBv3.

A vulnerability in SMBv1, which was patched in MS17-010, has been exploited by Petya ransomware to propagate itself within a network.

Another vulnerability in SMBv1 can crash a server. Microsoft will not be patching this vulnerability.

https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/

How do you disable SMBv1? You want to use group policies. While a registry modification would work, you want group policy to enforce the change on any systems which may have been missed, any new systems, and any unsupported maintenance.

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

What products still require SMBv1? Windows prior to Vista (including Windows XP) and a variety of third party products:

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

 

Additional products may be discovered when Microsoft disables SMBv1 by default on new builds of Windows 10.

 https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/

Advertisements

Comments are closed.