Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware

Porthos · Feb 12, 2020

Old news for some but...

Microsoft is advising administrators to disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks.

Since 2016, Microsoft has been recommending that administrators remove support for SMBv1 on their network as it does not contain additional security enhancements added to later versions of the SMB protocol.

These enhancements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, insecure guest authentication blocking, and more.

In a new post to the Microsoft Tech Community, the Exchange Team is urging admins to disable SMBv1 to protect their servers from malware threats such as TrickBot and Emotet.

https://www.bleepingcomputer.com/ne...nge-admins-to-disable-smbv1-to-block-malware/

SAFCasper · Feb 14, 2020

I can't think of any legitimate reason to have SMB1 enabled on an exchange server to begin with.

It's been disabled by default in every server OS since 2012.

Sky-Knight · Feb 14, 2020

Yeah, I'm trying to figure out why you'd have that on an Exchange install.

A file server? If you have some old XP/2003 stuff kicking around sure... but Exchange? You'd have to have your files ON the Exchange server for that to be a thing. And that's assuming you still run Exchange, every on prem server I used to have was O365'd long ago.

Umbra · Feb 15, 2020

Eternal Blue creator thanks those who had SMBv1 enabled on their network...

Sky-Knight · Feb 15, 2020

That would be the NSA...

Diggs · Feb 16, 2020

Old NASs that shouldn't be running require SMB1.

Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware

Porthos

Well-Known Member

SAFCasper

Well-Known Member

Sky-Knight

Well-Known Member

Umbra

Active Member

Sky-Knight

Well-Known Member

Diggs

Well-Known Member

Similar threads