Microsoft is beginning the final phase of disabling SMB1 in Windows, announcing that SMB1 is now disabled by default for Windows 11 Home Insiders, and the company will remove the SMB1 binaries and the drivers and DLLs of SMB1 in future releases.
In a Tech Community blog, Ned Pyle, a principal program manager in the Windows Server engineering group at Microsoft, says that for users who install a Windows Insider Dev channel build in any variant of Home Edition, the SMB1 client won’t be installed.
“This means there is no edition of Windows 11 Insider that has any part of SMB1 enabled by default anymore,” Pyle writes. “At the next major release of Windows 11, that will be the default behavior as well.”
However, Pyle notes that this doesn’t impact in-place upgrades of machines already using SMB1, and admins can still intentionally reinstall it.
According to Microsoft, the original SMB1 protocol is nearly 30 years old and is vulnerable to attack because it doesn’t include protections offered by newer SMB protocol versions, including pre-authentication integrity, secure dialect negotiations, encryption, insecure guest auth blocking and better message signing.
In addition, SMB1 doesn’t include more modern performance and productivity optimizations for end users.
Pyle says Microsoft will provide an out-of-band unsupported install package for organizations or users that still need SMB1 o connect to old factory machinery, medical gear, consumer NAS or other scenarios. More details will be released over the next few months.
Microsoft began shipping Windows 10 and Windows Server with SMB1 not installed by default in the fall of 2017. That initially included the SMB1 server service in any editions of Windows and the SMB1 client service in most editions of Windows, Pyle writes.
However, Home and Pro editions still had the client so users could connect to consumer and small business third-party NAS devices that only supported SMB1.
“If the client didn’t see any outbound use of SMB1 after total 15 days of uptime, it would then automatically uninstall it. In RS5 – version 1809 – we stopped installing SMB1 client in Pro editions,” Pyle writes.” And now the time has come to end the last remaining piece. If you install a Windows Insider Dev channel build in any variant of Home Edition, the SMB1 client isn’t installed.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply