Microsoft encourages Exchange administrators to disable SMBv1 to protect against malware

Microsoft strongly recommends that administrators disable the SMBv1 protocol on Exchange servers.

Microsoft has been systematically moving away from the outdated SMBv1 for a long time. Since 2016, the company has advised administrators to drop support for SMBv1, because this version of the protocol, which is almost 30 years old, lacks the security improvements added in later versions. These improvements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, blocking of insecure guest authentication, and more.

Now the Exchange Team has once again reminded administrators that SMBv1 is insecure because it is still actively abused by various malware: in particular, the EternalBlue and EternalRomance exploits target it, as do TrickBot, Emotet, WannaCry, Retefe, NotPetya, Olympic Destroyer and others. Known SMB problems can be used to spread infection to other machines, perform destructive operations, and steal credentials.

In this regard, Microsoft specialists once again strongly recommend disabling the legacy version of SMB on Exchange 2013/2016/2019.
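An added example (not Microsoft's or the Exchange Team's own script) of how an administrator might check for and disable SMBv1 on a Windows Server that hosts Exchange, using the built-in SMB and Server Manager cmdlets. The `-Disable` switch belongs to this example only, and the script assumes an elevated PowerShell session on the server itself.

```powershell
# Added example: report the SMBv1 state of the local server and optionally disable it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Switch defined by this example: without it the script only reports.
    [switch]$Disable
)

# 1. SMB server configuration: will the server negotiate SMBv1 with clients?
$cfg = Get-SmbServerConfiguration
$protocolEnabled = [bool]$cfg.EnableSMB1Protocol

# 2. Server feature: is the SMBv1 component installed at all?
#    FS-SMB1 exists on Windows Server 2012 R2 and later; elsewhere the lookup returns nothing.
$feature = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
$featureInstalled = [bool]($feature -and $feature.Installed)

# Emit one record per server so results can be collected and compared.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    SMB1ProtocolEnabled  = $protocolEnabled
    SMB1FeatureInstalled = $featureInstalled
    # SMB2 must stay enabled: the same setting also controls SMB3.
    SMB2ProtocolEnabled  = [bool]$cfg.EnableSMB2Protocol
}

if (-not $Disable) { return }

# Turn off SMBv1 in the SMB server configuration.
if ($protocolEnabled -and
    $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 in SMB server configuration')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Remove the SMBv1 feature so it cannot be re-enabled by a configuration change.
# The removal completes after the next restart.
if ($featureInstalled -and
    $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Uninstall FS-SMB1 feature')) {
    Uninstall-WindowsFeature -Name FS-SMB1
}
```

Running the script with `-Disable -WhatIf` lists the changes it would make without applying them.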
