none
SMB v1 Client in Windows 1709 RRS feed

  • Question

  • Hi,

    We have a requirement in my organisation to enable SMB v1 Client only on Windows 10 1709 endpoints as we have still few legacy servers running SMBv1. There are plans in place to upgrade the vulnerable servers, but meanwhile, SMBv1 Client only has to be enabled on Windows 10 endpoints running 1709.

    My questions is

    - Is SMBv1 Client that comes with Windows 10 1709 secure? (We know Microsoft strongly recommends not to use SMBv1 at all) But want to understand the risk.

    - If it is vulnerable, can someone provide some information on the vulnerabilities?

    Many thanks,

    KKRD

    Thursday, January 24, 2019 5:07 AM

All replies

  • Hi KKRD,

    >>Is SMBv1 Client that comes with Windows 10 1709 secure

    Yes. The following blog gives us a detailed explanation.

    Stop using SMB1

    https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

    For instance, WannaCry ransomware, which was a May 2017 worldwide cyberattack, WannaCry exploited the SMBv1 vulnerability and used TCP Port 445 to propagate.

    In my opinion, if you update those 1709 clients to the latest build and enable firewall, turn on SMBv1 is ok, but not recommended.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 24, 2019 6:14 AM
    Moderator
  • Hello Dear,

    With the increased ransomware attacks and due to most recent WannaCry ransomware hiccup, Microsoft has recommended users to disable the outdated SMBv1 protocol from their systems.

    How To Enable SMBv1 Protocol In Windows 10

    Using Windows Features Applet (Disable SMBv1 Protocol)

    1. Using Cortana or Windows Search, look for term features. From results, click Turn Windows Features On or Off. See this fix, if you find Turn Windows Features On or Off applet blank.

    2. In Turn Windows Features On or Off window, scroll down and look for SMB 1.0/CIFS File Sharing Support which must be checked by default. Check this option to Enable SMBv1 and click OK. 

    Thanks & Best Regards,

    Abhishek Sachdeva

    Please mark this answer if it is helpful for you.

    Thursday, January 24, 2019 6:37 AM
  • Hi Teemo Tang,

    Thanks for your reply from which I understand it's safe to use SMBv1 Client component. And thanks for the link which is very helpful.

    Would you be able to point me to any documentation that clarifies what makes SMBv1 Client component safe to use which I would like to use  to support my claims i.e its secure. I tried to look for it but unable to get to the right one. 

    Appreciate your help on this. Many Thanks in advance. Cheers !!

    Regards,

    KKRD.


    • Edited by kkrd Thursday, January 24, 2019 11:45 AM grammar corrections
    Thursday, January 24, 2019 11:39 AM
  • Thanks Abhishek for taking time to reply. I am aware of the procedures to enable/disable SMBv1. What I am looking for a documentation or KB article/MS blog/technet discussion confirming whether on not SMB v1 Client Component is secure.

    Thanks,

    KKRD.

    Thursday, January 24, 2019 11:42 AM
  • @KKRD,

    My opinion is that enable/use SMBv1 on Windows 10 1709 is ok and feasible, not use SMBv1 components on all clients is safe, please figure out.

    As MS17 010 mentioned, only Windows 10 1607 and earlier versions need to install corresponding patches for resist WannaCry, 1709 and later version just need to keep system is up to date.

    In the link I post in my last reply, there is a paragraph:

    Therefore, you need to think it over.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 25, 2019 1:48 AM
    Moderator