Remember the nasty ransomware attacks Petya & WannaCry which spread almost like a zombie apocalypse earlier this year? Millions of devices arround the world were affected with these attacks which were designed to exploit the loopholes in the good old Server Message Block version 1 (SMB v1) protocol. A lot of security experts have argued that having SMB v1 enabled in servers/PCs by default will leave the consumers vulnerable for any future attacks of this nature.
Starting this month, Azure Security Team has closed the doors for SMB v1 protocol for Windows OS images available in Azure marketplace. This means that when you deploy a VM with any of the below operating systems using an Azure marketplace image, the SMV v1 protocol is disabled by default.
- HPC Pack 2012 R2 Compute Node with Excel on Windows Server 2012 R2
- HPC Pack 2012 R2 on Windows Server 2012 R2
- Windows Server 2008 R2 SP1
- Windows Server 2012 Datacenter
- Windows Server 2012 R2 Datacenter
- Windows Server 2016 – Nano Server
- Windows Server 2016 Datacenter
- Windows Server 2016 Datacenter – with Containers
- [HUB] Windows Server 2008 R2 SP1
- [HUB] Windows Server 2012 Datacenter
- [HUB] Windows Server 2012 R2 Datacenter
- [HUB] Windows Server 2016 Datacenter
- [smalldisk] Windows Server 2008 R2 SP1
- [smalldisk] Windows Server 2012 Datacenter
- [smalldisk] Windows Server 2012 R2 Datacenter
- [smalldisk] Windows Server 2016 Datacenter
This doesn’t mean that you can turn a blind eye to your existing Windows VMs in Azure. If you haven’t already disabled SMB v1 in those, you can refer this TechNet article to learn how to do so. Regardless of where your servers and PCs are deployed (cloud or on-premises) Microsoft strongly recommend you to disable SMB v1 protocol.
OK what about Linux ?
The Samba service which enables the SMB protocol in Linux VMs is not installed by default in any Azure Linux gallery image. If you install this service later on once you have provisioned a VM vulnerability report CVE-2017-7494 need to be taken into consideration to there are any threats that you should be alarmed of. This explains the vulnerabilities in Samba 3.5 and onward where as the current version is 4.6.7. However it is always recommend to update to the latest version as soon as possible.
Do I need to use SMB v1 ever ?
SMB v1 has been superseded by SMB v2 & V3 a long back. These versions are inherently more secure than the v1 of SMB protocol. However there are dozens of products out there which still leverages the SMB v1 protocol. This TechNet article lists out most of the products that still leverage SMB v1 at some point of their current life cycle.