Microsoft won’t patch 20 yr old SMBv1 vulnerability (you should just turn the service off)

2 min. read

Published onJuly 31, 2017

published onJuly 31, 2017

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users toremove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine.

Anyway, if you didn’t turn off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference (viaSecurity Affairs).

The SMB security flaw called “SMBLoris” was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.

RiskSense discovered the SMB vulnerability when analyzing EternalBlue, the leaked SMB exploit that is the source of the recent ransomware attacks. They disclosed the security flaw to Microsoft in June, but the company said that it won’t fix it. “The case offers no serious security implications and we do not plan to address it with a security update,” a Microsoft spokesperson toldThreatpost. “For enterprise customers who may be concerned, we recommend they consider blocking access from the internet to SMBv1.”

Microsoft is planning to entirely remove the SMBv1 protocol in the Windows 10 Fall Creators Update, so it may be not be as bad as it seems. However, everyone still running older versions of Windows will remain affected by the issue, that’s why it’s strongly recommended to simply disable the SMBv1 protocol. To do so, we invite you tocheck some detailed instructions on our previous postabout it.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft won’t patch 20 yr old SMBv1 vulnerability (you should just turn the service off)#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft won’t patch 20 yr old SMBv1 vulnerability (you should just turn the service off)