Microsoft Won't Patch 20-Yr-Old SMBv1 Vulnerability (You Should Just Turn the Service Off)

An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users to remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.

why was SMB1 still enabled 20 years later?

Why doesn't Microsoft patch the OS so that SMB1 is disabled entirely? I mean MS already shoves all sorts of crap down your throat anyways, why can't that unshove shit?

So when will HP upgrade?

[GerbilSoft]

Most of HP's multi-function printers with Scan To Network only support SMB1. When will they issue a firmware update that adds support for SMB2?

Re:So when will HP upgrade?

Or operating systems from MS.

Ummmmm Link for how to turn it off?

[A10Mechanic]

https://support.microsoft.com/...