Friday, 23 June 2017 10:56

WannaCry relied on decades-old vulnerability Featured

By

Microsoft will turn off the Server Message Block Version 1 (SMBv1) from its latest Insider early access build 16226 of Windows 10 beginning this autumn. SMBv1 is a decades-old protocol that WannaCry used to infect older systems.

Microsoft has long been warning developers in the sternest terms not to use SMBv1 unless it is absolutely necessary. It says in a September 2016 blog, “SMB1 isn’t safe. The nasty bit is that no matter how you secure all these things if your clients use SMB1, then a man-in-the-middle can tell your client to ignore all the above. All they need to do is block SMB2+ on themselves and answer to your server’s name or IP. Your client will happily derp away on SMB1 and share all its darkest secrets unless you required encryption on that share to prevent SMB1 in the first place. This is not theoretical – we’ve seen it. We believe this so strongly that when we introduced Scaleout File Server, we explicitly prevented SMB1 access to those shares!”

 MS SMB 1

MS SMB 2

US-CERT agrees - https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices

The problem for some was that SMBv1 was used by a large number of third-party peripheral suppliers like HPE, Cisco, NetGear, VMWare and even Microsoft XP and Sever 2003 (list here) and disabling it breaks functionality. It was also used to communicate with legacy VAX, IBM AS400, and older legacy software etc.

It all boils down to cyber criminals working out how to exploit a decades-old vulnerability designed for a world that no longer exists. If that is not a good argument for drawing a line in the sand on legacy support for Windows and devices then I don’t know what is. Damned if you do and damned if you don’t.

in its latest blog on build 16226 Microsoft states:

Windows 10 and SMB1: As part of a multi-year security plan, we are removing the SMB1 networking protocol from Windows by default. This build has this change, however, the change only affects clean installations of Windows, not upgrades. We are making this change to reduce the attack surface of the OS. Here are some more details to take note of:

  • All Home and Professional editions now have the SMB1 server component uninstalled by default. The SMB1 client remains installed. This means you can connect to devices from Windows 10 using SMB1, but nothing can connect to Windows 10 using SMB1. We still recommend you uninstall SMB1 if you are not using it. In a later feature update of Windows 10, we may uninstall SMB1 client if we detect that you are not using it.
  • All Enterprise and Education editions have SMB1 totally uninstalled by default.
  • The removal of SMB1 means the removal of the legacy Computer Browser service. The Computer Browser depends exclusively on SMB1 and cannot function without it. 
Read 9715 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

ENABLING MICROSOFT TEAMS IN THE CONTACT CENTRE

If you're looking at enabling Microsoft Teams for your contact centre, you should bookmark this webinar.

Marketing budgets are now focused on Webinars combined with Lead Generation.

Our panellists from Whangarei District Council (NZ) and Maurice Blackburn Lawyers (Aus) were closely involved in recent projects to enable Microsoft Teams for their own contact centres.

They have kindly agreed to join Enghouse and Microsoft to talk about some of the things they would recommend as most critical for IT and CX professionals planning a Teams Contact Centre migration.

Date: 11 May 2022
Time: 12pm AEST | 2pm NZST | 10am SGT

We look forward to having you join us. Please click the button below to register.

REGISTER HERE!

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

VENDOR NEWS