fieldj

Microsoft Security Bulletin MS17-010 - Security Update for Microsoft Windows SMB Server (4013389)

Hi all,

I am sure that some people have been dealing with this recent security issue regarding disabling SMBv1.

Further details here:

https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices

Apparently this is now fixed by installing a Windows patch detailed in this Technet article (published March 14 2017):

https://technet.microsoft.com/library/security/MS17-010

However, I have noticed that even after installing this patch, a vulnerability scan on a test server is still reporting this vulnerability.  If I perform the manual reg key fix (detailed here: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012 ) the vulnerability scan reports that the vulnerability has been removed.

My question is, does the Windows security patch detailed in article MS17-010 truly fix the issue? Does my vulnerability scan just need to update to realise that this patch resolves the issue (I don't think that an update has been available since Microsoft released this patch)?

Tags: Vulnerabilities, WSUS, Windows Server 2008, Security, Microsoft Server OS

Last Comment
masnrock

8/22/2022 - Mon
McKnife

Hi.

"Does my vulnerability scan just need to update to realise that this patch resolves the issue" - that is very likely the cause. Ask the vendor of the scanner.
fieldj

ASKER
Let's hope this is the case. I have already asked them and am awaiting a reply.

I would be interested to hear others' experience with this vulnerability and whether the patch seems to have resolved it for them.
ASKER CERTIFIED SOLUTION
masnrock
