Microsoft strongly recommends that administrators disable the SMBv1 protocol on Exchange servers to protect against threats that exploit its vulnerabilities.
Recall that Microsoft has been systematically phasing out the outdated SMBv1 for a long time. Since 2016, the company has advised administrators to drop SMBv1 support, because this version of the protocol is almost 30 years old and does not contain the security improvements that were added in later versions.
Those improvements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, blocking of insecure guest authentication, and more.
“To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server. There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions”, Microsoft recommends.
Now the Exchange Team has once again reminded administrators that SMBv1 is insecure, because various malware still actively abuses it. Some vulnerabilities in SMB are exploited by EternalBlue and EternalRomance, as well as by TrickBot, Emotet, WannaCry, Retefe, NotPetya, Olympic Destroyer and so on. Known SMB problems can be used to spread infection to other machines, perform destructive operations, and steal credentials.
In this regard, Microsoft experts once again strongly recommend disabling the obsolete version of SMB on Exchange 2013/2016/2019 servers.
“Before disabling SMBv1 you should make sure that you use a correctly configured and supported DAG witness server which supports at least SMBv2. You should make sure that the witness server is running a supported version of Windows Server which is Windows Server 2012/2012R2/2016 or 2019”, Microsoft recommends.
The company says that it has not checked whether an Exchange 2010 server works correctly with SMBv1 disabled, and it advises upgrading from Exchange 2010 to Office 365 or a newer version of Exchange Server.
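The pre-checks and the change described above can be scripted as follows. This is an added example, not Microsoft's own script; it assumes an elevated Exchange Management Shell on the Exchange server, and the ordering of the steps and the `-MaxEvents` limit are choices made here.

```powershell
# Added example: audit first, disable only when nothing still depends on SMBv1.

# 1. Current state of the SMB server component on this Exchange server.
$smb = Get-SmbServerConfiguration
"SMBv1 enabled: $($smb.EnableSMB1Protocol) | SMBv2/3 enabled: $($smb.EnableSMB2Protocol)"

# 2. List each DAG's witness server so its Windows Server version can be
#    confirmed as supported (2012/2012R2/2016/2019, i.e. SMBv2 or later).
Get-DatabaseAvailabilityGroup -Status |
    Select-Object Name, WitnessServer, WitnessDirectory, WitnessShareInUse

# 3. Sessions connected right now that negotiated an SMB 1.x dialect.
$legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })
$legacy | Select-Object ClientComputerName, ClientUserName, Dialect

# 4. Log future SMBv1 access attempts (the AuditSmb1Access setting is not
#    available on every Windows Server build; skip this step where it fails).
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 200 `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 3000 } |
    Select-Object TimeCreated, Message

# 5. Disable SMBv1 only if it is enabled and no 1.x session is active.
if ($smb.EnableSMB1Protocol -and $legacy.Count -eq 0) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    "SMBv1 disabled on $env:COMPUTERNAME"
} elseif ($legacy.Count -gt 0) {
    Write-Warning "SMBv1 still in use by $($legacy.Count) session(s); resolve these first."
}

# 6. Verify the setting after the change.
(Get-SmbServerConfiguration).EnableSMB1Protocol
```

Leave the audit in step 4 running for a representative period before relying on an empty result, since a point-in-time session list misses clients that connect only occasionally.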
This week, as part of Patch Tuesday, Microsoft fixed 99 bugs in its products, including the much-discussed 0-day in Internet Explorer. At the same time, the discontinuation of support for old products is drawing a very mixed reaction from users.