Windows 11/Server 2024 SMB Security-Hardening

Posted on 2024-09-05 by guenni

Windows[German]In anticipation of the upcoming releases of Windows 11 24H2 and Windows Server 2025 at the end of August 2024, Microsoft has published a tech community article on the topic of "SMB Security Hardening". The whole thing is part of the Microsoft Secure Future Initiative (SFI), and the operating systems are to have hardened SMB settings right from the start in order to better protect against cyberattacks.

Advertising

SMB in Windows

The abbreviation SMB stands for Server Message Block, , a network protocol (also known as Common Internet File System, CIFS) for file, print and other server services in computer networks. It is a central part of the network services of the Windows product family and allows access to files and directories located on another computer.

The protocol is activated in the SMBv1, SMBv2 and SMBv3 variants in Windows client and server environments. Microsoft has been in the process of switching off the older SMBv1 for security reasons for years and only allowing SMBv2 and SMBv3. I reported on this in the blog post Windows 11 Home: SMB1 will be disabled and removed in the future. In a Microsoft support article, Microsoft describes how SMBv1, SMBv2 and SMBv3 can be activated and deactivated.

I also reported on Microsoft's plans to introduce SMB signing (through security signatures) in Windows 11 and later also in Windows 10 in the blog post Windows: SMB Signing required soon (now available in Windows 11 Insider Preview) for all versions in 2023. This is intended to protect systems in corporate environments against NTLM relay attacks.

SMB security hardening

At the end of August 2024, Ned Pyle published the article SMB security hardening in Windows Server 2025 & Windows 11 (see also the note from Thorsten E. in the following tweet).

Advertising

In the article, Pyle discusses the changes to SMB in the upcoming releases of Windows 11 24H2 and Windows Server 2025. Windows 11 24H2 and Windows Server 2025 are expected to include a dozen new SMB features to make data, users and therefore organizations more secure.

Advertising
This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).