Ned Pyle published a good read on technet yesterday. His plea to disable SMB1 is a great example of how old protocols that just won’t die are creating vulnerabilities that shouldn’t exist.
SMB1 is nearly 30 years old, created for a world without internet and malware like ransomware. The problem isn’t only SMB1, it’s the fact that a lot of software depends on old tech to function. Admins can’t disable the protocol because software is using it, and software is using the protocol because it’s available.
We all know that developers can be lazy, and thus won’t be changing their software as long as it works. In this case it’s the environment that needs to change. As soon as people start disabling old protocols as SMB1 the developers will need to update their software.
Of course you have the situations where a company is still running program X which is no longer supported. But running unsupported software is a vulnerability itself.
I highly recommend reading the article “Stop using SMB1” by Ned on technet for more information on why you should disable SMB1 and how to do it.
How to disable SMB1
There are several ways to disable SMB1, which one you should use depends on your personal preference. You only need to perform one of these 3 to fully disable SMB1.
Powershell
Start Windows PowerShell as administrator an use the following command to disable SMB1:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 –Force |
Reboot your computer, SMB1 is now disabled.
This essentially only changes an registry value, something you could also do using the registry editor.
Registry
Open the registry editor and navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters |
Set the SMB1 DWORD value to 0 (disabled).
Reboot your computer, SMB1 is now disabled.
Control Panel
You are also able to disable SMB1 using the windows GUI.
Open the Control Panel and choose “Program & Features”, here click “Turn Windows features on or off”.
In the Windows Features list disable SMB1 by unchecking “SMB 1.0/CIFS File Sharing Support”.
Reboot your computer, SMB1 is now disabled.