Microsoft plans to deactivate SMBv1 in Windows 10 V1709

Microsoft intends to retire the old SMBv1 network protocol from Fall 2017 for security reasons on Windows 10 and Windows Server 2016. Here are a few details.


Advertising


SMBv1 30 years old and unsecure

SMB stands for Server Message Block (also known as LAN-Manager or NetBIOS protocol) has been used as a network protocol for file, printer and other server services. SMBv1 has been designed more than 30 years ago and Microsoft’s implementation is categorized as deprecated.

Since Windows Vista there are SMBv2 and later, SMBv3 has been introduced. So SMBv1 isn’t necessary in Windows networks.

This fall SMBv1 shall be deactivated

Ned Pyle from Microsoft has published this blog post on June 1, 2017, where he enlists products from other vendors still using SMBv1. At the end of this blog post, Pyle mentions the end of SMBv1 for Microsoft Windows.

For more information on why using SMB1 is unsafe, see StopUsingSMB1. SMB1 has been deprecated for years and will be removed by default from many editions and SKUs of Windows 10 and Windows Server 2016 in the RS3 release.

RS3 means Windows 10 Fall Creators Update (Version 1709), expected in September/October 2017. Microsoft runs internally some test builds of Windows 10 Enterprise and Windows Server 2016 with SMBv1 deactivated.

Microsoft decided to retire SMBv1 five years ago (long before WannaCry malware used unpatched vulnerabilities in SMBv1). Ned Pyle told Bleeping Computer some more Details.

That date is now the release of Windows 10 Redstone 3, also referenced as the Fall Creators Update, scheduled for launch in October/November 2017.

After that day, every new Windows 10 or Windows Server 2016 OS you install will not have some or all of SMBv1 turned on, which is the norm right now.

This is not patching, nor upgrading, This is clean install RS3

So, only clean installs will see SMBv1 deactivated by default. Already running systems are untouched concerning SMBv1.

How to deactivate SMBv1?

If you intend to deactivate the deprecated SMBv1 in your Windows environment, this is possible. Microsoft has published this document, which describes, registry settings, PowerShell commands and also group policy settings to disable SMBv1 in Windows.

From Windows 8.1 onwards, Windows Features may be used, to uncheck the option SMB 1.0/CIFS File Sharing Support and remove SMBv1 support.


Advertising

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *