Hi folks, Ned here again and today’s topic is short and sweet: Stop using SMB1. If you need this security patch, you already have a much bigger problem: you are still running SMB1.
The first step is to build a directory structure to hold the files that will be used in the CD creation process.
Many have by now (I’ve spoken to some, at least) and their customers might still just be running an out of date version – call your suppliers.
Starting in Windows 8.1 and Windows Server 2012 R2, we made removal of the SMB1 feature possible and trivially easy.
These will only affect the average business or user if you let them. We work carefully with partners in the storage, printer, and application spaces all over the world to ensure they provide at least SMB2 support and have done so with annual conferences and plugfests for six years. If you have older servers than WS2012 R2, now is good time to talk upgrade.
Vendors are moving to upgrade their SMB2 support – see here: https://aka.ms/stillneedssmb1 For the ones who aren’t, their competitors are. Ok, that’s a bit extortionist – now is the time to talk to your blue teams, network teams, and other security folks about if and where they are seeing SMB1 usage on the network. If you still don’t know because this is a smaller shop, run your own network captures on a sample of your servers and clients, see if SMB1 appears.
Disabling Oplocks is not recommended by Microsoft, but required by some older software, often due to using legacy database technology.