There has been a lot of recent discussion about the Server Message Block (SMB) network file sharing protocol and its vulnerabilities which were used in the WannaCrypt ransomware attack which spread quickly after it was first detected earlier this month.
The situation was so severe that Microsoft even issued a security patch for Windows XP based systems which has been out of support since April 2014. While I am sure users appreciated that patch, it looks like Windows 7 was more vulnerable to this exploit than Windows XP users in the long run.
Microsoft has been talking about this SMB v1 vulnerability since at least last September and over on the "Stay Safe" Cyber Security Blog, Troy Arwine provides historical context about this issue including links to all of the related articles from MSDN and TechNet.
He also provides links to the security bulletin that was published back in March when the company patched the exploit and then the follow on content relating to the ransomware attack this month.
It is all excellent reading to learn about the entire situation however, there is a very practical side to his article as he provides enterprise customers with the steps necessary to disable SMB v1 using Group Policy and there are separate instructions on this process for both SMB v1 Server and Client.
While patching/disabling the SMB protocol on your servers and clients is important, do not forget to take a look at other file sharing hardware you might use on your network and make sure you upgrade firmware so that you can avoid this vulnerability in SMB v1. If your hardware does not support switching off SMB v1, like my Western Digital MyCloud device, than you should consider replacing that hardware on your network as soon as possible.
Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!