
Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware


itman


Quote

Microsoft is advising administrators to disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks.

Since 2016, Microsoft has been recommending that administrators remove support for SMBv1 on their network as it does not contain additional security enhancements added to later versions of the SMB protocol.

These enhancements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, insecure guest authentication blocking, and more.

In a new post to the Microsoft Tech Community, the Exchange Team is urging admins to disable SMBv1 to protect their servers from malware threats such as TrickBot and Emotet.

"To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.

There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions. If you want to learn more about SMBv1 and why you should stop using it, I’d recommend reading this blog post published and updated by Ned Pyle."

Edited by itman

  • ESET Insiders

About time. Using SMBv1 is like driving without a seat belt, waiting for the accident to happen. My only question is if it would be a good policy for ESET to enable these options in firewall by default which are currently disabled.

 


22 hours ago, The Rectifier said:

My only question is if it would be a good policy for ESET to enable these options in firewall by default which are currently disabled.

Disabling the admin share SMB protocol option will block all SMB protocol connection attempts. This is OK for a stand-alone PC but could cause issues with any devices that are part of a local network that need to share devices or files.

Now I would enable the "Deny old (unsupported) SMB dialects" option, but only after testing it has no negative effects on a LAN. For the other Deny SMB options, one should consult ESET online help on what those apply to.

Also note that Microsoft implies in its article that SMBv1 is used on Exchange Server vers. prior to 2013. If this is the case, the Deny old (unsupported) SMB dialects option, if enabled, could cause problems.

Edited by itman
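
The thread's advice (disable SMBv1, but test for LAN side effects first) can be followed on the server itself with Windows' built-in SMB1 access auditing. The script below is an added example, not part of the original posts or of Microsoft's article; the function name `Test-Smb1Usage` and the 14-day window are hypothetical, and it assumes a Windows Server build whose `Get-SmbServerConfiguration` exposes `AuditSmb1Access`.

```powershell
# Added example: audit SMBv1 use, then disable it only if no client depended on it.
# Run in an elevated PowerShell session on the server being hardened.
function Test-Smb1Usage {
    param(
        [int]$LookbackDays = 14,   # assumed window; choose one that covers backup/scan cycles
        [switch]$Disable           # without this switch the function only reports
    )

    $cfg = Get-SmbServerConfiguration
    if (-not $cfg.EnableSMB1Protocol) {
        Write-Output 'SMBv1 server support is already disabled.'
        return
    }

    # Step 1: make sure SMB1 access auditing is on, so every SMBv1 connection is logged.
    if (-not $cfg.AuditSmb1Access) {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
        Write-Output "SMB1 auditing enabled. Re-run after $LookbackDays days of normal operation."
        return
    }

    # Step 2: event ID 3000 in this log records a client that connected using SMBv1.
    # Only meaningful if auditing has been on for the whole lookback window.
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    if ($events.Count -gt 0) {
        # Assumption: the event message contains a "Client Address: <addr>" line.
        $events | ForEach-Object {
            if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unparsed' }
        } | Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
        Write-Warning 'SMBv1 clients were seen; fix or retire them before disabling SMBv1.'
        return
    }

    # Step 3: no SMBv1 clients observed, so disabling should not break anything on the LAN.
    if ($Disable) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMBv1 server support disabled.'
    } else {
        Write-Output "No SMBv1 clients in the last $LookbackDays days. Re-run with -Disable."
    }
}
```

Run `Test-Smb1Usage` once to switch auditing on, again after the observation window to review the client list, and finally with `-Disable`.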