Microsoft To Drop SMBv1 In Its Upcoming Windows Update
The 30-year-old distributed IPC protocol is being dropped by Windows for users’ online security.
SMBv1, the earliest version of Server Message Block protocol used for resource sharing and Inter Process communication among nodes on a network will be deprecated in the forthcoming Windows update.
Almost everyone who had even a little familiarity with computers and the Internet heard about Wanacry. The ransomware which wreaked havoc last month and was the reason for a spike in cyber security awareness. Although this “awareness” among common people is expected to dump soon, tech companies are not going to get away with it in a similar way.
Wanna cry used NSA’s exploit leaked by Shadow Brokers in a data dump in April. This exploit was based on a vulnerability present in SMBv1. Although Microsoft patched the same in an update released in March most of the users remained unaware of it.
After the havoc and the “kill switch” solution, it was advised that the best way is to disable SMB on user systems if they do not need it. Microsoft is doing the work on the users’ behalf by deprecating the old SMBv1 in its next update of Windows.
Ned Pyle, the principal program manager for Microsoft’s Windows Server High Availability and Storage division, has also published a blog post this month, enlisting products from other vendors that are still using SMBv1 and begged them to stop using it now.
“SMB1 is being removed (fully or partially, depending on SKU) by default in the RS3 release of Windows and Windows Server. This is coming, folks,” Pyle wrote.
In the meantime, it is advised to disable SMBv1 and use the newer SMBv2 and SMBv3 instead. Microsoft has published a document, which describes registry settings, PowerShell commands as well as group policy settings to disable SMBv1 in your Windows environment manually.