Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The ancient Microsoft networking protocol at the core of the latest global malware attack

Preston Gralla | July 7, 2017
The company is going to kill off SMB1 at long last, but you shouldn’t wait to disable it.

Back in 2013, Microsoft announced it would eventually kill SMB1, saying the protocol was “planned for potential removal in subsequent releases.” That time is almost here. This fall, when the Windows 10 Fall Creators Update is released, the protocol will finally be removed from Windows.

But enterprises shouldn’t wait for then. They should remove the protocol right away, just as Pyle recommends. Before doing that, they would do well to read the SMB Security Best Practices document, put out by US-CERT, which is run by the U.S. Department of Homeland Security. It suggests disabling SMB1, and then “blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.”

As for how to disable SMB1, turn to a useful Microsoft article, “How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.” Note that Microsoft recommends keeping SMB2 and SMB3 active, and only deactivating them for temporary troubleshooting.

An even better source for killing SMB1 is the TechNet article “Disable SMB v1 in Managed Environments with Group Policy.” It is the most up-to-date article available and more comprehensive than others.

Turning off SMB1 will do more than protect your enterprise against next global malware infection. It will also help keep your company safer against hackers who specifically target it and not the entire world.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.