Microsoft Wants To Kill Off Server Message Block 1

Microsoft is appealing to organizations to stop using Server Message Block (SMB) version 1.

The SMB protocol works with server and client operating systems, enabling actions such as file sharing, as well as requests from applications to read and write to files. SMB 1 has been around for 30 years, but it lacks some basic security protections that were enabled by the newer protocols (SMB 2 and SMB 3), Microsoft argued, in a Friday blog post.

"SMB 1 isn't safe" to use, the blog post contended. It doesn't have security protections against "downgrade attacks" and "man-in-the-middle attacks" that are provided in SMB 3. A successful downgrade attack would block out the security protections enabled by SMB 2 and newer protocols, Microsoft explained:

Your client will happily derp away on SMB1 and share all its darkest secrets unless you required encryption on that share to prevent SMB1 in the first place. This is not theoretical -- we've seen it.

The newer SMB protocols also optimize performance by enabling faster reads and writes. They add "peer caching of folders and file properties." Also supported are "durable handles, which help to reestablish lost server connections, among other improvements.

Microsoft argued that SMB 1 mostly isn't needed by organizations anyway. Exceptions might include organizations managing "old multifunction printers" or organizations running "decrepit management software," according to the blog post. The last "legit" reason to run SMB 1 is use of Windows Server 2003 or Windows XP under a Microsoft Custom Support agreement, Microsoft added.

SMB 1 can't be removed from OSes older than Windows 8 and Windows Server 2012 R2, but it can be disabled. Microsoft describes those details in this Knowledge Base article KB2696547.

Despite Microsoft having SMB 1 in its gun sights, it's nevertheless asking organizations for feedback on its use via a short survey. The survey questions suggest that Microsoft might be looking to turn off SMB 1 by default in the Windows 10 Enterprise and Education editions as a security measure.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.