Network Access: The Server Message Block (SMB) v1 protocol must be disabled on the SMB client

78c4c60a-a039-4a47-b614-3138d7bcfe4f

SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks, such as collision and preimage attacks, and is not FIPS compliant.

Remediation

To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MS Security Guide
|_ "Configure SMBv1 client driver" to "Enabled" with "Disable driver (recommended)" selected for "Configure MrxSmb10 driver".

This policy setting requires the installation of the SecGuide custom templates. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. On domain controllers, use the C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\ folder.

Available here: https://www.microsoft.com/en-us/download/details.aspx?id=55319 / https://public.cyber.mil/stigs/gpo/
or at the EventSentry GitHub repository here: https://github.com/eventsentry/resources

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
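
To confirm on a host that the policy above has taken effect, the following added example (not part of the original check or of EventSentry's code) reads the driver start type and looks for the SecGuide templates. The function name `Test-Smb1ClientDriver` is hypothetical; the script assumes the policy is reflected in the `Start` value of the `mrxsmb10` service key (4 = disabled) and that the Workstation service dependency list lives under `LanmanWorkstation\DependOnService`.

```powershell
# Added example: read-only check; it changes nothing on the machine.
function Test-Smb1ClientDriver {
    [CmdletBinding()]
    param(
        [string]$ServicesRoot      = 'HKLM:\SYSTEM\CurrentControlSet\Services',
        [string]$PolicyDefinitions = (Join-Path $env:windir 'PolicyDefinitions')
    )

    # "Disable driver (recommended)" sets the MrxSmb10 driver start type to 4 (disabled).
    $driverKey = Join-Path $ServicesRoot 'mrxsmb10'
    if (-not (Test-Path -LiteralPath $driverKey)) {
        $state = 'KeyAbsent'          # no driver service key on this machine
    } else {
        $start = (Get-ItemProperty -LiteralPath $driverKey -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -eq 4) { $state = 'Disabled' } else { $state = "NotDisabled (Start=$start)" }
    }

    # A disabled driver that the Workstation service still depends on keeps that
    # service from starting, so report the dependency list alongside the driver state.
    $wksKey = Join-Path $ServicesRoot 'LanmanWorkstation'
    $deps = @((Get-ItemProperty -LiteralPath $wksKey -Name DependOnService -ErrorAction SilentlyContinue).DependOnService)

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        DriverState          = $state
        Compliant            = ($state -eq 'Disabled')
        WorkstationDependsOn = ($deps -join ', ')
        StaleSmb1Dependency  = ($deps -contains 'MRxSmb10')
        SecGuideAdmx         = Test-Path -LiteralPath (Join-Path $PolicyDefinitions 'SecGuide.admx')
        SecGuideAdml         = Test-Path -LiteralPath (Join-Path $PolicyDefinitions 'en-US\SecGuide.adml')
    }
}

Test-Smb1ClientDriver | Format-List
```

A `KeyAbsent` result is reported separately from `Disabled` so the reviewer can decide how to score hosts where the driver key does not exist.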

STIG: Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2023-09-11/finding/V-254277
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2023-09-11/finding/V-205684 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93395
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2023-08-22/finding/V-224858 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-78125

Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253288
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2023-09-29/finding/V-220731 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220731

NIST 800-53: CM-7a.
NIST 800-171 Rev2: 3.4.6
NIST 800-171 Rev3 FPD: 3.4.2.a, 3.4.6.a, 3.4.6.b, 3.4.6.d
NIST 800-171A: 3.4.6[a], 3.4.6[b]
CMMC v2 L2: CM.L2-3.4.6
CMMC v2.1 L1: AC.L1-b.1.ii
CMMC v2.1 L2: CM.L2-3.4.6
OWASP Top10 v2021: A05:2021
PCI DSS v3.2: 1.1.5, 1.2.1, 2.2.2, 2.2.4, 2.2.5
PCI DSS v4.0: 1.2.6, 1.4, 1.4.1, 1.4.2, 2.2.4
CAT II
CCI: CCI-000381
CIS CSC v8: 4.8
Rule-ID: SV-224858r569186_rule
STIG-ID: WN16-00-000412
STIG-Legacy: SV-92831
STIG-Legacy: V-78125
Vuln-ID: V-224858