After the recent cyber attacks Petya and WannaCry, Microsoft recommended all Windows 10 users to remove the unused but still vulnerable SMBv1 file sharing protocol from their machines to stay safe. Both variants of the ransomware used this particular exploit to replicate through network systems.
Turn off the protocol as an old flaw came upIn case you haven’t turned off the protocol by now, you should consider doing so. For starters, new ransomware variants could strike once again and could use the same vulnerability to encrypt your files. Another reason is the fact that another 20-year-old flaw was just revealed during the recent DEF CON hacker conference.
SMB security flaw called SMBLorisSecurity researchers revealed this security flaw at RiskSense and explained that it could lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. Spooky, isn’t it? What’s more, a Raspberry Pi and just 20 lines of Python code will be enough to put a Windows server down.
The SMB vulnerability was discovered while analyzing EternalBlue, the leaked SMB exploit that is the source of recent ransomware attacks. Enterprise customers are strongly advised to block access from the internet to SMBv1 to remain safe.
Microsoft is planning to remove SMBv1 entirely from the Windows 10 Fall Creators Update so the whole issue might not be as terrifying as it seems now. But, just to be sure, everyone running older versions of Windows should know that they will remain affected by this issue, and for this reason, it is recommended to disable the SMBv1 protocol.
source
