itman

Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware


Quote

Microsoft is advising administrators to disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks.

Since 2016, Microsoft has been recommending that administrators remove support for SMBv1 on their network as it does not contain additional security enhancements added to later versions of the SMB protocol.

These enhancements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, insecure guest authentication blocking, and more.

In a new post to the Microsoft Tech Community, the Exchange Team is urging admins to disable SMBv1 to protect their servers from malware threats such as TrickBot and Emotet.

"To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.

There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions. If you want to learn more about SMBv1 and why you should stop using it, I’d recommend reading this blog post published and updated by Ned Pyle."

Edited by itman


About time. Using SMBv1 is like driving without a seat belt waiting for the accident to happen. My only question is if it would be a good policy for eset to enable these options in firewall by default which are currently disabled.

 

22 hours ago, The Rectifier said:

My only question is if it would be a good policy for eset to enable these options in firewall by default which are currently disabled.

Disabling the admin share SMB protocol option will block all SMB protocol connection attempts. This is OK for a stand-alone PC but could cause issues with any devices that are part of a local network that need to share devices or files.

Now I would enable the "Deny old (unsupported) SMB dialects" option, but only after testing it has no negative effects on a LAN. For the other Deny SMB options, one should consult Eset online help on what those apply to.

Also note that Microsoft implies in its article that SMBv1 is used on Exchange Server vers. prior to 2013. If this is the case, the Deny old (unsupported) SMB dialects option, if enabled, could cause problems.

Edited by itman
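
The "test before you block" step discussed in this thread, as an added example for the Windows side; it is not part of any post above or of Microsoft's article. It checks whether the SMBv1 server is enabled, turns on SMBv1 access auditing, lists clients that still negotiate SMBv1, and disables the protocol only when asked. The `-Disable` switch and the `Client Address:` message parsing are assumptions of this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 use on a server before turning it off.
param(
    [switch]$Disable   # hypothetical switch: disable SMBv1 only when passed
)

$cfg = Get-SmbServerConfiguration
"SMBv1 server enabled : $($cfg.EnableSMB1Protocol)"
"SMBv2/3 server enabled: $($cfg.EnableSMB2Protocol)"

if (-not $cfg.EnableSMB1Protocol) {
    "SMBv1 is already disabled on this server."
    return
}

# AuditSmb1Access needs a build that supports SMBv1 auditing.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    "SMBv1 auditing enabled. Let it run over a normal usage period, then re-run."
    return
}

# Each SMBv1 connection attempt is logged as event 3000 in the SMBServer audit log.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
}

# Assumption: the event message carries a "Client Address: <ip>" line.
$clients = $events |
    ForEach-Object { if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object @{n = 'Client'; e = { $_.Name } }, Count

if ($clients) {
    "Clients still using SMBv1 against this server:"
    $clients | Format-Table -AutoSize
    "Fix or retire these clients before disabling SMBv1."
}
elseif ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    "No SMBv1 clients seen in the audit log; SMBv1 server disabled."
}
else {
    "No SMBv1 clients seen in the audit log. Re-run with -Disable to turn SMBv1 off."
}
```

An empty audit log only covers the period auditing was on, so leave it running long enough to include monthly or scheduled jobs before passing `-Disable`.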
