Link to home
Start Free TrialLog in
Avatar of fieldj
fieldjFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Microsoft Security Bulletin MS17-010 - Security Update for Microsoft Windows SMB Server (4013389)

Hi all,

I am sure that some people have been dealing with this recent security issue regarding disabling SMBv1.

Further details here:

https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices

Apparently this is now fixed by installing a Windows patch detailed in this Technet article (published March 14 2017):

https://technet.microsoft.com/library/security/MS17-010

However, I have noticed that even after installing this patch, a vulnerability scan on a test server is still reporting this vulnerability.  If I perform the manual reg key fix (detailed here: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012 ) the vulnerability scan reports that the vulnerability has been removed.

My question is, does the Windows security patch detailed in article MS17-010 truly fix the issue? Does my vulnerability scan just need to update to realise that this patch resolves the issue (I dont think that an update has been available since Microsoft released this patch)?
Avatar of McKnife
McKnife
Flag of Germany image

Hi.

"Does my vulnerability scan just need to update to realise that this patch resolves the issue" - that is very likely the cause. Ask the vendor of the scanner.
Avatar of fieldj

ASKER

Lets hope this is the case.  I have already asked them and am awaiting a reply.

I would be interested to hear others experience with this vulnerability and whether the patch seems to have resolved it for them.
ASKER CERTIFIED SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial