The Push to Disable SMB1

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

The Push to Disable SMB1

Samba - jcifs mailing list
On Thu, Jun 8, 2017 at 10:58 AM, Vella, Shon via jCIFS
<[hidden email]> wrote:
> Thanks for this update, Moritz. We've been scrambling to find or
> create an alternate solution ever since the WannaCry outbreak and the
> redoubled push by MS to have everyone turn off SMB1, and this sounds

I'm not sure I understand the push to disable SMB1. My understanding
is that the SMB1 vulnerability was just a buffer overrun in the
TREE_CONNECT_ANDX response which seems to be should have been a simple
fix.

I have to wonder if this is one of those cases were they kinda know
how to fix something but they don't because it's more profitable to
play along with public perception that SMB1 is so old you'll turn to
stone if you so much as look at it. Like it's an old Pontiac with a
hole in the exhaust.

Has MS not patched this? Otherwise installing an update is probably
easier than disabling SMB1.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: The Push to Disable SMB1

Samba - jcifs mailing list
Mike,

Yes, there are patches for all the known vulnerabilities, and that's
what we are telling our customers. But Microsoft has been pushing
customers to turn off SMBv1 for at least a year now, primarily because
they just don't want to support it anymore, and the WannaCry and Petya
outbreaks give them more fuel for their campaign, even though the
vulnerability was in their implementation, not the protocol itself.

Shon Vella
Identity Automation
Staff Engineer
www.identityautomation.com

On Mon, Jul 10, 2017 at 8:15 PM, Michael B Allen <[hidden email]> wrote:

> On Thu, Jun 8, 2017 at 10:58 AM, Vella, Shon via jCIFS
> <[hidden email]> wrote:
>> Thanks for this update, Moritz. We've been scrambling to find or
>> create an alternate solution ever since the WannaCry outbreak and the
>> redoubled push by MS to have everyone turn off SMB1, and this sounds
>
> I'm not sure I understand the push to disable SMB1. My understanding
> is that the SMB1 vulnerability was just a buffer overrun in the
> TREE_CONNECT_ANDX response which seems to be should have been a simple
> fix.
>
> I have to wonder if this is one of those cases were they kinda know
> how to fix something but they don't because it's more profitable to
> play along with public perception that SMB1 is so old you'll turn to
> stone if you so much as look at it. Like it's an old Pontiac with a
> hole in the exhaust.
>
> Has MS not patched this? Otherwise installing an update is probably
> easier than disabling SMB1.
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: The Push to Disable SMB1

Samba - jcifs mailing list
Ok. So I guess people hit by WannaCry et al were not updating? Can't
blame MS for that.

Ho hum.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

On Tue, Jul 11, 2017 at 10:43 AM, Vella, Shon <[hidden email]> wrote:
> Mike,
>
> Yes, there are patches for all the known vulnerabilities, and that's
> what we are telling our customers. But Microsoft has been pushing
> customers to turn off SMBv1 for at least a year now, primarily because
> they just don't want to support it anymore, and the WannaCry and Petya
> outbreaks give them more fuel for their campaign, even though the
> vulnerability was in their implementation, not the protocol itself.

Loading...