Skip to main content

Security Alert: Sys admins - disable Windows SMBv1

Date:
2017-08-23 15:44:00
Status:
Closed
Brief Description:
A number of recent exploits have highlighted the insecurity of Microsoft's SMBv1 protocol. This protocol has been deprecated and should be shut off everywhere possible, with preference given to newer implementations (e.g. SMBv3).
Current Status:
N/A
Services Affected:
Not Applicable
Full Description:
A number of recent exploits have highlighted the insecurity of Microsoft's SMBv1 protocol. This protocol has been deprecated and should be shut off everywhere possible, with preference given to newer implementations (e.g. SMBv3). Cornell systems administrators should work to identify where SMB1 is in use and disable / replace it. The protocol will use the highest supportable version for connectivity between two systems; therefore an older, less secure server can cause a weak link.

Please see this technet article from Microsoft for identifying SMBv1 in your environment: https://blogs.technet.microsoft.com/ralphkyttle/2017/05/13/smb1-audit-active-usage-using-message-analyzer/

Any questions or requests for assistance should be directed to the IT Security Office.