The recent devastating WannaCrypt attacks were so successful not because they spread via gullible email users, but because they used a vulnerability in SMBv1, a protocol that dates to the 1990s, to spread laterally across a Windows network to other Windows users without anyone needing to open an attachment.
Microsoft has been deprecating the SMBv1 protocol since 2014 and, to address the risk of further exploits being discovered in this ancient protocol, has now announced that it will remove the stack from new versions of Windows 10 starting with the Fall Creators Update.
The news was confirmed by Microsoft’s Ned Pyle, principal programme manager for the company’s Windows Server High Availability and Storage division, who said Microsoft was internally testing builds of Windows 10 Enterprise and Windows Server 2016 with SMBv1 disabled.
‘This will not reach Insider Flights for some time, and it does not affect released production code at all yet,’ Pyle explained. ‘It is likely to evolve several times inside Flights. All of this is subject to change and none of it can be considered plan of record. This is just early guidance.’
The protocol will only be disabled in fresh installs of the OS, so the decision will likely take a while to take effect in the wild, but users are free to disable it themselves in the interim. To find out how, read Microsoft’s guidance here.
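
For administrators acting in the interim, the following PowerShell script is an added example (not taken from the article or from Microsoft's guidance page) that reports whether a host still accepts SMBv1 and which connected clients would be affected, then turns the protocol off only when asked. The function name `Get-Smb1State` and the `-Disable` switch belong to this example; it assumes Windows 8.1/10 or Server 2012 R2/2016 with the built-in SmbShare and DISM modules, run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on this host and optionally disable it.
# Run with no switches to report only; add -Disable (and -WhatIf to preview).
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Disable)

function Get-Smb1State {
    $cfg     = Get-SmbServerConfiguration
    # Assumption: the optional feature is named SMB1Protocol on this SKU;
    # if the lookup fails the state is reported as 'NotFound'.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue
    # Sessions currently negotiated at an SMB 1.x dialect: these clients
    # lose access to this server once SMBv1 is turned off.
    $legacy  = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

    [pscustomobject]@{
        ServerAcceptsSmb1 = $cfg.EnableSMB1Protocol
        FeatureState      = if ($feature) { $feature.State } else { 'NotFound' }
        Smb1AuditEnabled  = $cfg.AuditSmb1Access   # empty on older builds
        LegacyClients     = $legacy.ClientComputerName -join ', '
    }
}

$state = Get-Smb1State
$state | Format-List

if ($Disable) {
    # Stop the server side from accepting SMBv1 (takes effect immediately).
    if ($state.ServerAcceptsSmb1 -and
        $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Remove the SMBv1 stack itself; this part needs a reboot to complete.
    if ($state.FeatureState -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Disable')) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
            -NoRestart | Out-Null
        Write-Warning 'Reboot required to finish removing the SMBv1 feature.'
    }
    Get-Smb1State | Format-List
}
```

A non-empty `LegacyClients` value identifies machines or devices that still depend on SMBv1 and should be upgraded or reconfigured before the protocol is disabled.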