• About
  • Advertise
  • Careers
  • Contact
Sunday, February 5, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Microsoft recommends Exchange admins to disable the SMBv1 protocol

by Cyber360 News
February 13, 2020
in Security
0
Microsoft recommends Exchange admins to disable the SMBv1 protocol
0
SHARES
6
VIEWS
Share on FacebookShare on Twitter

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks.

Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet.

“To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” reads an advisory published by the Microsoft Tech Community.

The SMBv1 protocol is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network. It also provides an authenticated inter-process communication mechanism.

Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking.

Now the Exchange is remarking the need to disable the SMBv1on exchange servers.

“There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions. If you want to learn more about SMBv1 and why you should stop using it, I’d recommend reading this blog post published and updated by Ned Pyle.” continues Microsoft

“Microsoft publicly deprecated the SMBv1 protocol in 2014 and so we stopped installing it by default when using Windows Server 2016 1709 (RS3). Please see this KB for more information.“

In 2017, the Shadow Brokers hacking group released a collection of NSA exploits and hacking tools targeting Microsoft’s Windows OS, some of them were developed to exploit the SMBv1 protocol to execute commands on vulnerable servers with administrative privileges.

Two of the most popular exploits today implemented in several malware strains are EternalBlue and EternalRomance. The list of malware including the exploits is long and includes Emotet, TrickBot, WannaCry, Retefe, NotPetya, and the Olympic Destroyer.

SMBv1 is no longer installed by default since Windows 10 version 1709 and Windows Server version 1709, while latest versions of the operating systems are using SMBv3.

To check if SMBv1 is enabled on a Windows server, users can execute the following PowerShell commands depending on their Windows Server version.

Windows Server 2008 R2: By default, SMBv1 is enabled in Windows Server 2008 R2. Therefore, if the following command does not return an SMB1 value or an SMB1 value of 1, then it is enabled. If it returns an SMB1 value of 0, it is disabled.

Get-Item HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters | ForEach-Object {Get-ItemProperty $_.pspath}

Windows Server 2012: If the command returns false, SMBv1 is not enabled.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled.

(Get-WindowsFeature FS-SMB1).Installed
Get-SmbServerConfiguration | Select EnableSMB1Protocol

If SMBv1 is enabled on admins’ server, they can disable it using the following commands.

Windows Server 2008 R2:

Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" -Name SMB1 -Type DWORD -Value 0 –Force

Windows Server 2012:

Set-SmbServerConfiguration -EnableSMB1Protocol $false -force

Windows Server 2012 R2 or higher:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
Set-SmbServerConfiguration -EnableSMB1Protocol $false

Pierluigi Paganini

(SecurityAffairs – Microsoft Exchange, SMBv1)



Share On


Cyber360 News

Cyber360 News

Next Post
The company that owns the database claim that since these are incarcerated individuals, their rights differ substantially from the free lot in terms of privacy.

The company that owns the database claim that since these are incarcerated individuals, their rights differ substantially from the free lot in terms of privacy.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In