Microsoft Didn't Remove the SMB1 Protocol from Windows

Microsoft explained in a Wednesday announcement that it didn't actually remove Server Message Block 1 (SMB1) from Windows releases.

SMB1 is a deprecated and insecure Windows component still used by many systems and products that was targeted by the infamous "WannaCry" malware back in 2017. WannaCry is a wiper that destroys access to files, posing as ransomware. The malware hit organizations around the globe, disabling systems used by hospitals, pharmaceutical companies, shipping firms and more.

Microsoft had claimed back then that it planned to remove SMB1, starting with the Windows 10 fall 2017 feature update and Windows Server 2016 operating systems, but that's not exactly what happened.

Microsoft instead ended up adding a "mitigation" that lets legacy devices and applications dependent on SMB1, such as Windows Explorer, continue to function without hanging. If SMB1 is disabled in a system, then the connection will get disabled, according to this mitigation scheme.

Here's Microsoft's explanation of the SMB1 mitigation, per the announcement by James Kehr, a Windows escalation engineer at Microsoft:

  • Windows 10 1709 (2017 Fall Update) and newer will send SMB1 dialects as part of the SMB negotiate. We do this to help interoperability with legacy devices. I.E. prevent Windows Explorer from pausing/hanging.
  • We will not actually allow an SMB1 connection when SMB1 is disabled. We only pretend to. The connection will end up getting closed when the server or client tries to use an SMB1 dialect.

An "SMB dialect" is sort like a version. Kehr defined it as "a revision of the SMB protocol specification."

Kehr was clear that organizations should "stop using SMB1," as well as the legacy software and devices that depend on it. He included some tips on how IT pros can search for SMB1 use.

Microsoft rewrote the protocol with SMB2. The current SMB3 protocol "still uses the MS-SMB2 protocol spec," so it's not that different of a product, Kehr explained.

Newer SMB products feature "full AES encryption of data payloads to prevent man-in-the-middle (MITM) snooping and attacks." They support "seamless failover between clustered file servers." Additionally, the "throughput between RDMA capable servers" was improved, Kehr indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.