IAA Removal of Server Message Block 1.0

Abstract: Server Message Block (SMB) 1.0 is a vulnerable, legacy file and print sharing protocol that has been deprecated[1] by Microsoft. The SMB 1.0 protocol is susceptible to downgrade and man-in-the-middle attacks, and it uses MD5 for hashing, which is susceptible to collision and pre-image attacks. All supported versions of the Windows operating system support at least SMB 2.0 and do not require SMB 1.0 for regular file and print sharing functionality. At a minimum, Microsoft recommends disabling SMB 1.0, but complete removal is recommended[2] when an operating system supports removal. If SMB 1.0 is still needed, then administrators should identify systems, devices, and software that only support SMB 1.0 and prioritize their removal, upgrade, or replacement.

Date Published:

Last Reviewed: 15 March 2017

Dissemination Control: N/A

Length: 2 page(s)

Format: pdf

Type: Advisory/Alert; Rapid Release Alert

Tags: Advisory; SMB - Server Message Block; Microsoft; MD5; Windows; Man in the Middle - MITM; hashing; Mitigations