Disable, or plan to disable, SMBv1

SMBv1 is s deprecated protocol, replaced by SMBv2 and SMBv3.

A vulnerability in SMBv1, which was patched in MS17-010, has been exploited by Petya ransomware to propagate itself within a network. Another vulnerability in SMBv1 can crash a server. Microsoft will not be patching this vulnerability.

https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/

Learn if you have a dependency upon SMBv1. Windows prior to Vista (including Windows XP) requires SMBv1. A variety of third party products use SMBv1:

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

Manage SMBv1 using group policies. While a registry modification would work, you want group policy to enforce the change on any systems which may have been missed, any new systems, and any unsupported maintenance.

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

Additional products may be discovered when Microsoft disables SMBv1 by default on new builds of Windows 10.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/

This entry was posted on Saturday, August 26th, 2017 at 10:09 AM and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

Aggressive Virus Defense

Disable, or plan to disable, SMBv1

Related

About Me

Contents

Pages

Travel

Meta