Microsoft to Disable SMBv1 in Windows Starting This Fall

[brambedkar59]

Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 — Microsoft plans to disable SMBv1 in most versions of the Windows operating systems.

Internally, Microsoft has been already building Windows versions where SMBv1 — a file sharing protocol Microsoft developed in the early 90s — has been disabled.

Good move by MS.

 

[Ink]

a file sharing protocol Microsoft developed in the early 90s — has been disabled

What else is from the past in Windows 10?
Maybe that's why Windows 10 Mobile is unpopular, it lacks XP-features.

 

[509322]

What else is from the past in Windows 10?
Maybe that's why Windows 10 Mobile is unpopular, it lacks XP-features.

Windows is so rife with legacy stuff it is as if half of it has been preserved in formaldehyde. Who needs backwards compatibility with Win 95 era stuff ?

 

[brambedkar59]

What else is from the past in Windows 10?
Maybe that's why Windows 10 Mobile is unpopular, it lacks XP-features.

Lol, you are right. Ensuring backward compatibility in windows is a double edged sword. It's ensuring windows have large user base but with a side effect of huge no. of security holes.

 

[brambedkar59]

Who needs backwards compatibility with Win 95 era stuff ?

Can't say about 95 but XP sure is hanging around even now.
Microsoft Issues Windows XP Security Updates for Previously Ignored NSA Hacking Tools

 

[Andy Ful]

Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 — Microsoft plans to disable SMBv1 in most versions of the Windows operating systems.

Internally, Microsoft has been already building Windows versions where SMBv1 — a file sharing protocol Microsoft developed in the early 90s — has been disabled.

Good move by MS.

Good move for home users, but not necessarily for Enterprises.
Disable SMBv1, Considerations and Execution - PDQ.com

 

[509322]

Good move for home users, but not necessarily for Enterprises.
Disable SMBv1, Considerations and Execution - PDQ.com

That article is absolute fear-mongering and justification for continued use of an antiquated, insecure protocol. Typical legacy argument.

 

[Fritz]

What else is from the past in Windows 10?
Maybe that's why Windows 10 Mobile is unpopular, it lacks XP-features.

Yep, that means I won't use Windows 10 on all my computers either.

There's a 15k$ printer from 2012/2013 running in my office that uses SMBv1 for the scanning unit I need to OCR all kinds of receipts and stuff. And no, it's not some cheapo POS, enterprise products don't always use the newest protocol on the block but instead rely on what works.

Sure ain't gonna whip out another 15k and throw that perfectly functioning device in the trash because Microsoft feels the need to protect me from myself. Thanks, but no, thanks.

 

[brambedkar59]

Good move for home users, but not necessarily for Enterprises.

Yep, that means I won't use Windows 10 on all my computers either.

Guys guys, read the damn article not just the headline. From what I understand, No one is removing the SMBv1, just disabling. Can be easily re-enabled.

 

[brambedkar59]

Also
"Besides security, the code itself was superseded by SMB2 and later for functionality; SMB1 brings no special value except ubiquity – SMB2 can do what SMB1 can, plus many other things."

 

[Terry Ganzi]

Then i think this is a must read Microsoft Networking -- SMB configuration in Windows 10 | Technibble Forums

 

[Andy Ful]

Guys guys, read the damn article not just the headline. From what I understand, No one is removing the SMBv1, just disabling. Can be easily re-enabled.

The article (Disable SMBv1, Considerations and Execution - PDQ.com) is about disabling (not removing) SMB 1.0. The problems can arise when there are many machines in the network. Look at this fragment:
Recovery will most likely require a physical visit to each machine in your organization, remote or local. There is no “undo” switch, no command in which to recover from a loss of authentication due to SMBv1 disablement (except maybe something like setting up a scheduled task to undo the change locally should things go terribly awry).

Edit1.
Anyway, I think that the Microsoft move is the right one.

Edit2.
The less painful method to handle it, is turning off all devices dependent on SMB1, upgrade Windows, turn on SMB1 on computers, and finally turn on devices again. It is also probable, that after upgrade, SMB settings will be inherited from the prior Windows version.

Edit3.
Most Enterprises will stick to Windows 7 (or even XP), because upgrading the system will carry costs related to the new devices (CNC machines, medical equipment in hospitals, etc.).

 

[brambedkar59]

The article (Disable SMBv1, Considerations and Execution - PDQ.com) is about disabling (not removing) SMB 1.0. The problems can arise when there are many machines in the network. Look at this fragment:
Recovery will most likely require a physical visit to each machine in your organization, remote or local. There is no “undo” switch, no command in which to recover from a loss of authentication due to SMBv1 disablement (except maybe something like setting up a scheduled task to undo the change locally should things go terribly awry).

Edit1.
Anyway, I think that the Microsoft move is the right one.

Edit2.
The less painful method to handle it, is turning off all devices dependent on SMB1, upgrade Windows, turn on SMB1 on computers, and finally turn on devices again. It is also probable, that after upgrade, SMB settings will be inherited from the prior Windows version.

Edit3.
Most Enterprises will stick to Windows 7 (or even XP), because upgrading the system will carry costs related to the new devices (CNC machines, medical equipment in hospitals, etc.).

From the article

.
After that day, every new Windows 10 or Windows Server 2016 OS you install will not have some or all of SMBv1 turned on, which is the norm right now.

"This is not patching, nor upgrading," Pyle said. "This is clean install RS3."

This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.

 

[Andy Ful]

From the article
After that day, every new Windows 10 or Windows Server 2016 OS you install will not have some or all of SMBv1 turned on, which is the norm right now.

"This is not patching, nor upgrading," Pyle said. "This is clean install RS3."

This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.

That is why it is not necessarily good news for Enterprises.
Most of them will stick with Windows 7 or XP, and potentially vulnerable SMB1.

 

[509322]

The key word is Enterprises.

There are very few home users that actually use SMB, but because the topic of SMB is not clearly explained, a lot of home users are frantically trying to protect themselves against something for which they were never at-risk.

It makes about as much sense as buying flood insurance when you live in the Sahara desert.

 

[Andy Ful]

The key word is Enterprises.

There are very few home users that actually use SMB, but because the topic of SMB is not clearly explained, a lot of home users are frantically trying to protect themselves against something for which they were never at-risk.

It makes about as much sense as buying flood insurance when you live in the Sahara desert.

That is true. Most home users probably may turn off not only SMB 1.0 but also SMB 2.0 and 3.0. The problems for them can arise when using NAS devices or some network printers.

 

[509322]

That is true. Most home users probably may turn off not only SMB 1.0 but also SMB 2.0 and 3.0. The problems for them can arise when using NAS devices or some network printers.

Typical home users do not even know what a NAS device or networked printer is. They cannot even handle Wifi capable printers.

 

[Deleted member 178]

The key word is Enterprises.

There are very few home users that actually use SMB, but because the topic of SMB is not clearly explained, a lot of home users are frantically trying to protect themselves against something for which they were never at-risk.

It makes about as much sense as buying flood insurance when you live in the Sahara desert.

Lol yes and they all get caught in the fearmonging "promotion" of some vendors proclaiming they protect you from it .

 

[Andy Ful]

This blog may be useful, when disabling SMB1:
SMB1 Product Clearinghouse

From the blog:
This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back often.

 

[509322]

This blog may be useful, when disabling SMB1:
SMB1 Product Clearinghouse

From the blog:
This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back often.

The user is always responsible for what happens on their system:

"There are vendors who are not publishing their SMB1 requirements. It is up to you, their customer, to have them publish this information – Microsoft cannot make them do so."

"SMB1 has been deprecated for years and will be removed by default from many editions and SKUs of Windows 10 and Windows Server 2016 in the RS3 release."

Anyway, except for the printers and wifi speakers, all the products listed are essentially Enterprise products and some products are absolutely obsolete.