date 2017-07-31
Microsoft Won't Patch 20-Yr-Old SMBv1 Vulnerability (You Should Just Turn the Service Off) (onmsft.com) 53
An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended that all Windows 10 users remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to bring a Windows server to its knees.
why was SMB1 still enabled 20 years later? (Score:1)
Why doesn't Microsoft patch the OS so that SMB1 is disabled entirely? I mean MS already shoves all sorts of crap down your throat anyways, why can't that unshove shit?
Planned for Windows 10 Fall Creators Update, according to TFA
There's a patch for this. (Score:2)
There's a patch for this.
https://linuxmint.com/download... [linuxmint.com]
So when will HP upgrade? (Score:5, Interesting)
EOL means SOL. OTOH, sales are about to increase at HP.
In other news, recycling facilities that haul off e-waste are about to get an influx of obsolete equipment.
Hey, don't hate me, I'm just the messenger.
Why would I buy another HP if they refused to help once? Plenty of fish in the sea (not that there might be a better option...)
It's not just HP. It's a bunch of equipment-- some of it not even that old.
Oh well. You'll have to buy a new one.
Good luck getting your scans back off the server.
Because it's so very hard to write a script that copies your scans from the SMB1 drop box to a more convenient place.
Downhill, slashdot has fallen. Morons, all.
The Firewall is set to not allow packets between that server and anywhere else. Good luck getting the script to get around that.
What is this, 1996? Block all or nothing? How hard is it to figure out that he meant to only allow SMBv1 between the printer and this host, and then this host allows literally ANY OTHER PROTOCOL in order to connect and get the scanned images?
Never heard of setting up a print server to talk to some old pile of shit that still serves the purpose of putting ink / toner to paper, but uses outdated interfaces or protocols? It's the exact same thing.
Re:So when will HP upgrade? (Score:4, Insightful)
This is why you don't buy hardware from HP.
Or operating systems from MS.
I have backup software that only works with SMB1.
Game over.
Good luck when your datacenter loses power.
Re:So when will HP upgrade? (Score:4)
Also, thanks to TFA for providing instructions on how to disable SMB1.
Also why the hell does Windows have Super Mario Brothers 1 and 2 built in?!?
Use "Scan to email" instead. Scan to Network just seemed to be a waste of time, filling a folder with scan_**** files as people scanned them and left them there instead of deleting it. Scan to email is similar, but it just emails you the PDFs
Those are the only users they seem to care about not pissing off right
In other words (Score:1)
Fake Rage (Score:1)
Solutions:
- Build a proxy service (per the article) that parses input before passing it to $SERVICE.
- Do not put it on the internet (i.e. firewall).
Is SMB open by default in Windows Firewall anyway? If anything, pooh-pooh Redmond for that. I know, I know, millions of affected hosts.
Build a proxy service (per the article) that parses input before passing it to $SERVICE.
Sounds like a job for a Firewall/UTM to handle for you. Of course those don't usually protect much from internal traffic.
I couldn't see the move as any more disastrous than entire hospitals going offline...
What, pray tell, do you think happens when the whole reason the hospital has SMB1 enabled on its systems in the first place is to talk to multi-hundred-thousand- and multi-million-dollar pieces of medical equipment (think MRI and such) that don't speak SMB2?
Therein lies the rub.
Yes, those machines should be on an air-gapped network shared only with the workstations used to control and operate them. No, the vendors of those machines will not allow that because they want realtime monitoring of the equipme
Ummmmm Link for how to turn it off? (Score:5, Informative)
Keep in mind there's a server component and a client component (regardless of whether or not you have a "server" OS), and you probably want to disable both.
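As an added example (not part of the thread or of the linked article), a PowerShell sketch of the point above that SMBv1 has separate server and client halves: it reports the state of each and, with `-Remediate`, turns both off. It assumes a Windows 8.1/10 client SKU run from an elevated prompt; the function name `Get-Smb1State` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally disable) both SMBv1 halves on this host.
param([switch]$Remediate)

function Get-Smb1State {   # hypothetical helper name
    # Server half: does LanmanServer still accept inbound SMBv1 sessions?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Client half: the mrxsmb10 redirector driver. Start = 4 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drv = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $client = if ($null -eq $drv)      { 'NotInstalled' }
              elseif ($drv.Start -eq 4) { 'Disabled' }
              else                      { 'Enabled' }

    # Optional feature that carries the SMBv1 binaries for both halves.
    $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                    -ErrorAction SilentlyContinue).State

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        ServerSmb1Enabled = $server
        ClientDriver      = $client
        FeatureState      = $feature
    }
}

$before = Get-Smb1State
$before | Format-List

if ($Remediate) {
    # Stop serving SMBv1 immediately, without waiting for a reboot.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the feature itself; this covers the client driver as well.
    # A restart is still required before the binaries are gone.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null

    Get-Smb1State | Format-List
}
```

A host is only clear when `ServerSmb1Enabled` is `False` and `ClientDriver` is `Disabled` or `NotInstalled`; a disabled server half alone still lets the machine speak SMBv1 as a client.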
People still USE SMBv1 (Score:2)
It's easy enough to turn off via group policy (Score:3)
The trouble is that lots of software still requires it. Probably why MS don't turn it off via an update.
They're planning to turn it off in Windows 10 Fall Creators Update according to TFA. I guess they've had enough of it.
Usual crap (Score:2)
all versions (Score:2)
By "the service" do you mean SMB? The threat is described as affecting all versions of SMB, but nearly all of the tech writers describing the bug are suggesting turning off SMBv1. Is no one actually paying attention to what the authors are saying, or am I missing something?
Can you post where SMBLoris works on SMBv2 or v3? I haven't seen that, but the reporting has been pretty vague. Still you should remove (not just disable) SMBv1 where you can and block all inbound SMB traffic except where needed.
Turning it on again (Score:1)
Won't this leave all Windows machines vulnerable to any other exploit that would gain access to the device, potentially turn it on again, and allow the ransomware to do its damage?
It would be better to remove SMB1 support entirely, or patch it if that's too difficult for MS.