Computer/Windows/Office/ Discussion Blog

August 28, 2017

How to disable the SMBv1 protocol on Windows Server 2008/2012

Filed under: computer knowledge — admin @ 5:40 pm

Why disable SMBv1 on Windows Server 2008/2012? A zero-day vulnerability in the Windows SMB protocol was recently disclosed. It can be exploited for a remote denial-of-service (DoS) attack that exhausts the memory of the target Windows system. According to the researchers, the vulnerability was found while analysing the "EternalBlue" exploit. Microsoft rates the flaw as moderate severity, has not released a fix for it, and recommends that users mitigate it by disabling the SMBv1 protocol.
One, vulnerability information
[CVE-ID]: None
[vulnerability type]: Remote Denial of Service Vulnerability
[hazard rank]: high risk (the researchers' rating; Microsoft rates the flaw as moderate)
[affected systems]: Windows 2000 and later running the SMBv1 protocol
Two, vulnerability analysis
Unlike a DDoS attack launched from a botnet, this vulnerability lets an attacker crash the target Windows system from a single machine. According to SafeDog's preliminary analysis, the problem lies in how the Windows kernel handles memory allocations in the non-paged pool, which can lead to pool exhaustion. A remote attacker who sends specially crafted SMB messages to a system with port 139 or 445 open can cause all available memory to be allocated. Once memory is exhausted the operating system hangs, but no log entry is written and no blue screen occurs, so the remote attacker can use the flaw to carry out a DoS attack without leaving an obvious trace on the host.
Three, investigation methods
1, Windows Server 2012 check SMBv1 status method:
Open "Windows PowerShell" from the Start menu and run the following command:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
If True is printed, SMBv1 is enabled; if False is printed, it is disabled.
2, Windows Server 2008 check SMBv1 status method:
Open Run from the Start menu, execute the regedit command to open the Registry Editor, and look for a REG_DWORD value named SMB1 under the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
When the SMB1 value is 0, SMBv1 is disabled.
When the SMB1 value is 1, or the value does not exist (the default), SMBv1 is enabled.
Four, emergency handling methods
Note: back up your data (and export the registry key) before making this change, and test it fully. Clients that only speak SMBv1, such as Windows XP and older NAS firmware, will no longer be able to connect to the server once SMBv1 is disabled.
1. Disable SMBv1
A) Windows Server 2012 method of disabling SMBv1
Run the following command in PowerShell; the change takes effect immediately and no reboot is needed:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
B) Windows Server 2008 method of disabling SMBv1
Set-SmbServerConfiguration is not available on Windows Server 2008/2008 R2. Instead, set the SMB1 value (REG_DWORD) to 0 under the LanmanServer\Parameters subkey listed in section Three, either in the Registry Editor or through the PowerShell registry provider, then restart the server for the change to take effect.
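The check from section Three and the fix from section Four combined into one script, as an added example that is not part of the original post. It relies only on the LanmanServer\Parameters registry path and the Get-/Set-SmbServerConfiguration cmdlets named above; the -Disable switch, the function names and the backup file location are this example's own choices. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: report whether SMBv1 is enabled and,
# with -Disable, turn it off using the method that applies to this server.
#   Server 2012/2012 R2: Set-SmbServerConfiguration (takes effect immediately).
#   Server 2008/2008 R2: the SMB1 registry value (needs a restart to take effect).
# Run from an elevated PowerShell prompt.
param(
    [switch]$Disable   # assumption: without -Disable the script only reports
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Enabled {
    # Server 2012 and later expose the SMB server settings through the SmbShare module.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Server 2008/2008 R2: read the SMB1 registry value. If the value is absent,
    # the server uses the default, which is SMBv1 enabled.
    $item = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $true }
    return ($item.SMB1 -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        return 'disabled via Set-SmbServerConfiguration; effective immediately'
    }
    # Export the key first so the change can be reverted, as the post advises.
    $backup = Join-Path $env:TEMP ('LanmanServer-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' $backup /y | Out-Null
    Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
    return "set SMB1=0 in the registry (backup: $backup); restart the server to apply"
}

$enabled = Get-Smb1Enabled
$state = if ($enabled) { 'ENABLED' } else { 'disabled' }
Write-Output "$($env:COMPUTERNAME): SMBv1 is $state"

if ($Disable) {
    if ($enabled) {
        Write-Output (Disable-Smb1)
    } else {
        Write-Output 'Nothing to do: SMBv1 is already disabled.'
    }
}
```

Save it as Check-Smb1.ps1 and run it without arguments to audit, or with -Disable to remediate. On a Server 2008 host rerun it after the restart to confirm the registry value is still 0; the registry read reports the configured value, not the live state of the service, so the restart is what actually closes ports 139/445 to SMBv1 clients.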
