Microsoft recommends that Exchange administrators disable SMBv1


Microsoft strongly recommends administrators disable the SMBv1 protocol on Exchange servers to protect against threats that exploit its vulnerabilities.

Microsoft has been systematically phasing out the outdated SMBv1 for a long time. Since 2016, the company has advised administrators to drop SMBv1 support, since this version of the protocol is almost 30 years old and lacks the security improvements that were added in later versions.

Security enhancements include encryption, integrity checks before authentication to prevent man-in-the-middle (MiTM) attacks, blocking insecure guest authentication, and more.

“To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server. There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions,” Microsoft recommends.

Now the Exchange Team has once again reminded administrators that SMBv1 is insecure, because various malware still actively abuses it. Some vulnerabilities in SMB are exploited by EternalBlue and EternalRomance, as well as by TrickBot, Emotet, WannaCry, Retefe, NotPetya, Olympic Destroyer, and so on. In addition, known SMB problems can be used to spread an infection to other machines, perform destructive operations, and steal credentials.

In this regard, Microsoft experts strongly recommend disabling the obsolete version of SMB on Exchange 2013/2016/2019 servers.

“Before disabling SMBv1, you should make sure you use a correctly configured and supported DAG witness server which supports at least SMBv2. You should make sure that the witness server is running a supported version of Windows Server, which is Windows Server 2012/2012R2/2016 or 2019,” Microsoft recommends.
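
The order of operations described above (verify the DAG witness first, then disable SMBv1), as an added PowerShell example that is not taken from Microsoft's post or from this article. The `-Disable` switch and variable names are this example's own, and it assumes an elevated Exchange Management Shell on the Exchange 2013/2016/2019 server with CIM access to the witness server.

```powershell
# Added example, not Microsoft's script. Without -Disable it only reports
# (and turns on SMB1 access auditing); with -Disable it turns SMBv1 off.
param([switch]$Disable)

# 1. DAG witness check: SMBv2+ requires Windows Server 2012 (NT 6.2) or later.
$witnessOk = $true
foreach ($dag in Get-DatabaseAvailabilityGroup -Status) {
    $witness = [string]$dag.WitnessServer
    if (-not $witness) { continue }            # no file share witness configured
    try {
        $os = Get-CimInstance Win32_OperatingSystem -ComputerName $witness -ErrorAction Stop
        $ok = [version]$os.Version -ge [version]'6.2'
        $caption = $os.Caption
    } catch {
        # Unreachable or non-Windows witness: cannot be verified from here.
        $ok = $false
        $caption = 'unknown (query failed)'
    }
    if (-not $ok) { $witnessOk = $false }
    [pscustomobject]@{ DAG = $dag.Name; Witness = $witness; OS = $caption; SupportsSMB2 = $ok }
}

# 2. Current SMB server state on this Exchange server.
$smb = Get-SmbServerConfiguration
"SMB1 enabled: $($smb.EnableSMB1Protocol)   SMB2+ enabled: $($smb.EnableSMB2Protocol)"

# 3. Find clients that still connect with SMB1 (event ID 3000 in the SMBServer audit log).
#    Assumption: the OS build supports -AuditSmb1Access; let auditing run for a while
#    before relying on an empty result.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
$smb1Events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
} -ErrorAction SilentlyContinue
"SMB1 access events logged so far: $(@($smb1Events).Count)"

# 4. Disable SMBv1 only when every witness passed the check.
if ($Disable) {
    if (-not $witnessOk) { throw 'A DAG witness could not be confirmed as SMBv2-capable.' }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Where the FS-SMB1 feature exists, remove it as well (takes effect after a reboot).
    if ((Get-WindowsFeature -Name FS-SMB1).Installed) {
        Uninstall-WindowsFeature -Name FS-SMB1
    }
    Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
}
```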

The company says it did not check whether Exchange 2010 servers work correctly with SMBv1 disabled. Administrators are advised to upgrade from Exchange 2010 to Office 365 or a newer version of Exchange Server.

This week, as part of “Update Tuesday”, Microsoft fixed 99 bugs in its products, including the sensational 0-day in Internet Explorer. At the same time, the discontinuation of support for old products is causing a very mixed reaction from users.

By Vladimir Krasnogolovy
