SMBv1 is one of the internet's most ancient networking protocols. It allows operating systems and applications to read and write data to a system, and a system to request services from a server.
The WannaCry ransomware, which wreaked havoc last month, also leveraged an NSA Windows SMB exploit, dubbed EternalBlue, that was leaked by the Shadow Brokers in its April data dump.
The WannaCry ransomware menace shut down hospitals, telecommunication providers, and many businesses worldwide, infecting hundreds of thousands of unpatched Windows servers running SMBv1 in more than 150 countries within just 72 hours on 12th of May.
Microsoft patched the vulnerability in SMBv1 in March with MS17-010, but the company has meanwhile strongly advised users to disable the three-decade-old protocol completely.
And you should disable it completely.
I mean come on, since Windows Vista you have SMBv2 and later SMBv3, and you are continuing to allow the old and horribly insecure SMBv1 protocol to run on your network.
Strange! Because there's no excuse to continue.
Ned Pyle, the principal program manager for Microsoft's Windows Server High Availability and Storage division, also published a blog post this month listing products from other vendors that still use SMBv1 and begging those vendors to stop using it now.
Pyle also hinted that the company has been planning to remove SMBv1 from the Windows 10 Fall Creators Update (Version 1709), which is expected to be released in September/October 2017.
"SMB1 is being removed (fully or partially, depending on SKU) by default in the RS3 release of Windows and Windows Server. This is coming, folks," Pyle wrote.
Microsoft has recently announced the beta release of Windows 10 "Creators Update," also known as "Redstone 2" (Version 1703), which disables the SMB1 protocol by default, and after testing and getting feedback from the community, the company has decided to completely remove the protocol in the next stable version of the operating system.
A Microsoft representative has just confirmed this to Threatpost, saying "We can confirm that SMBv1 is being removed for Redstone 3 [codename for the Windows 10 Fall Creators Update]."
Meanwhile, the company has published a document, which describes registry settings, PowerShell commands as well as group policy settings to disable SMBv1 in your Windows environment manually.
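The PowerShell route that document mentions can be scripted as below. This is an added example, not code from the article or from Microsoft's document; the function names `Get-Smb1State`, `Get-Smb1AuditEvent` and `Disable-Smb1` are hypothetical, and it assumes an elevated session on Windows 8 / Server 2012 or later, where the SMB cmdlets exist.

```powershell
# Added example. Helper names are hypothetical; run from an elevated session.

function Get-Smb1State {
    # Server side: will this host still accept SMBv1 connections?
    $server  = Get-SmbServerConfiguration
    # Optional feature: are the SMBv1 components installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    # Client side: mrxsmb10 is the SMBv1 redirector driver (Start = 4 means disabled).
    $drvKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $start   = (Get-ItemProperty -Path $drvKey -Name Start -ErrorAction SilentlyContinue).Start

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        ServerSmb1Audit   = $server.AuditSmb1Access   # $null on builds without SMB1 auditing
        FeatureState      = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
        ClientDriverStart = if ($null -ne $start) { $start } else { 'NotPresent' }
    }
}

function Get-Smb1AuditEvent {
    # After 'Set-SmbServerConfiguration -AuditSmb1Access $true' (assumes a build that
    # supports it), event 3000 records each client that still connects with SMBv1.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -MaxEvents 50 -ErrorAction SilentlyContinue
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) { return }

    # Stop the SMB server from negotiating SMBv1 (takes effect without a reboot).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the SMBv1 feature where it is installed; the reboot is left to the operator.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1State   # report the resulting state
}

# Read-only check of the current host; nothing is changed until Disable-Smb1 is called.
Get-Smb1State
```

Running `Disable-Smb1 -WhatIf` shows what would change without touching the host, and reviewing `Get-Smb1AuditEvent` first identifies devices that would lose access once SMBv1 is gone.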