Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host supports the SMBv1 protocol.

Description :

The remote Windows host supports Server Message Block Protocol
version 1 (SMBv1). Microsoft recommends that users discontinue the use
of SMBv1 due to the lack of security features that were included in
later SMB versions. Additionally, the Shadow Brokers group reportedly
has an exploit that affects SMB; however, it is unknown if the exploit
affects SMBv1 or another version. In response to this, US-CERT
recommends that users disable SMBv1 per SMB best practices to mitigate
these potential issues.

See also :

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://support.microsoft.com/en-us/kb/2696547
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?36fd3072
http://www.nessus.org/u?4c7e0cf3

Solution :

Disable SMBv1 according to the vendor instructions in Microsoft
KB2696547. Additionally, block SMB directly by blocking TCP port 445
on all network boundary devices. For SMB over the NetBIOS API, block
TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary
devices.

Risk factor :

None

Family: Misc.

Nessus Plugin ID: 96982 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now