What just happened? Microsoft has confirmed that Windows 11 Dev Channel builds would be released without SMB1 moving forward. The legacy file sharing protocol, which has been used for more than 30 years, has undergone several updates to modernize the service and address security vulnerabilities identified along the way. Despite the updates, administrators that still rely on the original protocol will have the ability to reinstall the feature… at least for now.
Microsoft began deprecating the SMB1 protocol in some versions of Windows 10 and Windows Server several years ago, thus the decision to disable the feature shouldn’t come as a surprise to anyone managing IT infrastructure. Much of the original push to move away from SMB1 revolves around mitigating potential security issues.
In 2016 Microsoft issued MS16-114, which identified vulnerabilities in several versions of Windows and Windows Server. The bulletin outlined how attackers could execute code and introduce a direct denial of service (DDoS) attack. Microsoft community writeups dating back to 2016 urged users to move away from the aging protocol. US-CERT also recommended that users and administrators disable the SMB1 service and block associated network traffic across specific ports.
According to Ned Pyle, a Principal Program Manager at Microsoft who has consistently provided the community with SMB updates, these latest actions will eventually be followed by removing the actual SMB1 binaries from future product releases. Pyle has been one of the main contributors to MS Technet articles and blogs on the subject of SMB1 and has been extremely vocal about the need to move away from it for several years. His earlier posts regarding SMB1 replacement pointed out several security flaws that were remediated by later versions to prevent security downgrade attacks, man-in-the-middle (MiTM) attacks, and any vulnerabilities related to system messaging and encryption.
Despite the longstanding calls to move away from the deprecated service, administrators of smaller, aging, budget constrained infrastructures have expressed concern over the protocol’s waning support. What may be a minor cost for larger organizations is a huge roadblock for small companies and individuals that lack the financial or technical resources for complete infrastructure updates.
Pyle’s latest blog post has acknowledged that the move could be a pain point for consumers or groups running aging hardware. The post includes a link to the original SMB1 Product Clearinghouse, which provides a list of vendor products and documentation stating known SMB1 requirements. Updates to the list can be submitted to StillNeedsSMB1@microsoft.com or by tweeting at Pyle with hashtag #StillNeedsSMB1.
Image credit: Windows Key by Tadas Sar