Outdated SMB1 Protocols are Dropped in Microsoft’s Latest Windows 11

Microsoft implements enhanced connection and encryption and removes outdated SMB1 firewall rules to improve Windows 11 security.

Microsoft’s most recent Windows 11 Insider Preview Build includes a significant change to how firewall rules are handled, especially those tied to the outdated SMB1 protocol. By mimicking the behavior of the Windows Server “File Server” role, the new approach aims to give customers a higher level of network security.

Going back to Windows XP SP2, creating a Server Message Block (SMB) share in Windows automatically added firewall rules from the “File and Printer Sharing” group to the relevant firewall profiles.

According to Microsoft, as of the most recent Canary Channel Insider Preview Build 25992, creating an SMB share instead configures the updated “File and Printer Sharing (Restrictive)” group. Inbound NetBIOS ports 137–139, legacy artifacts of the original SMB1 protocol, are purposefully left out of this group.

In simple terms, when you create an SMB share, Windows now automatically configures the new “File and Printer Sharing (Restrictive)” group, which no longer contains inbound NetBIOS ports 137–139.

These ports are an artifact of SMB1 and are not used by SMB2 or later. If you need to reinstall the SMB1 server for legacy compatibility, you must reopen these firewall ports yourself.

According to Amanda Langowski and Brandon LeBlanc of Microsoft, “this change enforces a higher degree of default of network security as well as bringing SMB firewall rules closer to the Windows Server ‘File Server’ role behavior.”

Administrators can still configure the “File and Printer Sharing” group if necessary and modify this new firewall group.

This significant change brings SMB firewall rules closer to the Windows Server “File Server” role behavior, which only opens the minimal ports required to connect and handle sharing and imposes a higher default level of network security. The new firewall group and the “File and Printer Sharing” group may still be modified by administrators; these are only the default configuration.
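To check whether a host still exposes the legacy ports described above, the following added audit sketch (not from Microsoft or the original article) lists enabled inbound rules in both firewall groups that open ports 137–139 and compares that with the SMB1 server setting. The helper name `Test-NetBiosPort` is hypothetical; the script assumes an elevated PowerShell session and that the group display names match the ones quoted in this article.

```powershell
# Added example: audit inbound NetBIOS exposure in the two sharing groups.
$groups       = 'File and Printer Sharing', 'File and Printer Sharing (Restrictive)'
$netbiosPorts = '137', '138', '139'

# Hypothetical helper: true when a LocalPort list names 137-139 explicitly,
# either as a single port or inside a range such as "137-139".
# Keyword values such as "Any" or "RPC" are not treated as a match.
function Test-NetBiosPort {
    param([string[]]$LocalPort)
    foreach ($p in $LocalPort) {
        if ($p -match '^(\d+)-(\d+)$') {
            if ([int]$Matches[1] -le 139 -and [int]$Matches[2] -ge 137) { return $true }
        } elseif ($p -in $netbiosPorts) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($group in $groups) {
    # A group that does not exist on this build simply yields no rules.
    $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if (Test-NetBiosPort -LocalPort $filter.LocalPort) {
            [pscustomobject]@{
                Group     = $group
                Rule      = $rule.DisplayName
                Profile   = $rule.Profile
                Protocol  = $filter.Protocol
                LocalPort = $filter.LocalPort -join ','
            }
        }
    }
}

# SMB2 and later do not need these ports, so they only matter if SMB1 is served.
$smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

if ($findings) {
    $findings | Format-Table -AutoSize
    if (-not $smb1Server) {
        Write-Warning 'Inbound NetBIOS ports are open but the SMB1 server is disabled; review whether these rules are still needed.'
    }
} else {
    Write-Output 'No enabled inbound rule in either group opens ports 137-139.'
}
```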

Increasing the Security of Windows by Leveraging Encryption and Improved Connectivity

These enhancements and other updates released in recent months are part of a broader effort to strengthen the security of Windows and Windows Server. Windows 11 Insider Preview Build 25982, released on the Canary Channel, lets administrators require SMB client encryption on all outgoing connections.

Microsoft has also made modifications that allow administrators to impose SMB client encryption for all outbound connections as part of its continuing security commitment.

This requires destination servers to support SMB 3.x and encryption, ensuring all connections are protected from potential interception and eavesdropping.

Furthermore, features that require SMB signing by default and restrict NTLM authentication data on outgoing SMB connections provide further defense against known attack techniques such as NTLM relay and pass-the-hash.

Microsoft announced the last stage of the SMB1 file-sharing protocol’s deprecation last year. In September 2022, an SMB authentication rate limiter was introduced to strengthen protection against brute-force attacks.

These actions highlight Microsoft’s dedication to enhancing the security of Windows operating systems over time and its reactions to the evolving world of cybersecurity threats.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
