Microsoft Wants To Kill Off Server Message Block 1

Microsoft is appealing to organizations to stop using Server Message Block (SMB) version 1.

The SMB protocol works with server and client operating systems, enabling actions such as file sharing, as well as requests from applications to read and write to files. SMB 1 has been around for 30 years, but it lacks some basic security protections that were enabled by the newer protocols (SMB 2 and SMB 3), Microsoft argued, in a Friday blog post.

"SMB 1 isn't safe" to use, the blog post contended. It doesn't have security protections against "downgrade attacks" and "man-in-the-middle attacks" that are provided in SMB 3. A successful downgrade attack would block out the security protections enabled by SMB 2 and newer protocols, Microsoft explained:

Your client will happily derp away on SMB1 and share all its darkest secrets unless you required encryption on that share to prevent SMB1 in the first place. This is not theoretical -- we've seen it.

The newer SMB protocols also optimize performance by enabling faster reads and writes. They add "peer caching of folders and file properties." Also supported are "durable handles," which help to reestablish lost server connections, among other improvements.

Microsoft argued that SMB 1 mostly isn't needed by organizations anyway. Exceptions might include organizations managing "old multifunction printers" or organizations running "decrepit management software," according to the blog post. The last "legit" reason to run SMB 1 is use of Windows Server 2003 or Windows XP under a Microsoft Custom Support agreement, Microsoft added.

SMB 1 can't be removed from OSes older than Windows 8 and Windows Server 2012 R2, but it can be disabled. Microsoft describes those details in Knowledge Base article KB2696547.
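A read-only PowerShell check of whether SMB 1 is still enabled on a machine, and which shares do not require encryption (the safeguard the quoted post mentions), added here as an example and not taken from Microsoft's blog post or KB2696547. The function name Get-Smb1Exposure is hypothetical; the script assumes an elevated session and uses the SMB cmdlets where they exist, falling back to the LanmanServer registry value on older systems.

```powershell
# Added example: read-only audit of SMB 1 exposure on the local machine.
# Get-Smb1Exposure is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Exposure {
    $report = @{
        Computer          = $env:COMPUTERNAME
        Smb1ServerEnabled = $null
        Smb1ClientDriver  = $null
        ServerEncryptsAll = $null
        UnencryptedShares = @()
    }

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Windows Server 2012 and later: query the SMB server settings.
        $cfg = Get-SmbServerConfiguration
        $report.Smb1ServerEnabled = [bool]$cfg.EnableSMB1Protocol
        $report.ServerEncryptsAll = [bool]$cfg.EncryptData

        # User-created shares that do not require encryption. An SMB 1 client
        # cannot encrypt, so these are the shares a downgraded client could still reach.
        $report.UnencryptedShares = @(Get-SmbShare |
            Where-Object { -not $_.Special -and -not $_.EncryptData } |
            Select-Object -ExpandProperty Name)
    }
    else {
        # Older OS: SMB 1 server state is a registry value.
        # A missing value means the default, which is enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $report.Smb1ServerEnabled = ($null -eq $val) -or ($val -ne 0)
    }

    # Client side: the SMB 1 redirector driver. Start = 4 means the driver is disabled.
    $drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
                            -ErrorAction SilentlyContinue
    if ($null -eq $drv)       { $report.Smb1ClientDriver = 'NotPresent' }
    elseif ($drv.Start -eq 4) { $report.Smb1ClientDriver = 'Disabled' }
    else                      { $report.Smb1ClientDriver = 'Enabled' }

    New-Object PSObject -Property $report
}

Get-Smb1Exposure | Format-List

# To turn the SMB 1 server off where the cmdlet is available:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false
```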

Despite Microsoft having SMB 1 in its gun sights, it's nevertheless asking organizations for feedback on its use via a short survey. The survey questions suggest that Microsoft might be looking to turn off SMB 1 by default in the Windows 10 Enterprise and Education editions as a security measure.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

