About the SMBv1 retirement

On this page:


Overview

On April 7, 2019, Campus Communications Infrastructure (CCI) disabled SMBv1 on the Active Directory Domain controllers.

Server Message Block (SMB) is an application layer network protocol commonly used in Microsoft Windows to provide shared access to files and printers. SMBv1 is the original protocol developed in the 1980s, making it more than 30 years old. More secure and efficient versions of SMB are available today.

Security concerns

The SMBv1 protocol is not safe to use. By using this old protocol, you lose protections such as pre-authentication integrity, secure dialect negotiation, encryption, disabling insecure guest logins, and improved message signing. Microsoft has advised customers to stop using SMBv1 because it is extremely vulnerable and full of known exploits. WannaCry, a well-known ransomware attack, exploited vulnerabilities in the SMBv1 protocol to infect other systems. Because of the security risks, support for SMBv1 has been disabled.

Recommendations

SMBv1 should be disabled on all systems that do not have a business justification to warrant continued use.

For instructions, see:

This is document aumn in the Knowledge Base.
Last modified on 2020-07-06 14:42:47.

Contact us

For help or to comment, email the UITS Support Center.