As of now, there is a rate limit for SMB authentication. This automatically activates and limits login attempts to make this attack surface less attractive to malicious actors. Microsoft has now announced another change to SMB authentication.
Ned Pyle, Director of Programs at Microsoft, has released new information on the subject. Accordingly, as a test, Microsoft will first start by disabling the insecure SMB guest authentication routines in Windows 11 Pro. This change was made recently in Insider Preview Builds 25267 and 25276.
What is an SMB connection?
Server Message Block (SMB) is a network file sharing protocol that allows applications on a computer to read and write files and to request services from server programs on a computer network. It is used, for example, when you back up data to NAS devices.
High security risks
Microsoft justifies the change by saying that guest authentication does not support audit trails or security mechanisms such as signing and certificates. As such, guest logons are a very attractive vector for man-in-the-middle (MITM) attacks. In the worst case, a malicious actor could use the guest login to gain read or copy access to an entire network without leaving an audit trail. However, the deactivation is optional, meaning you can undo it and re-enable guest authentication if needed. Where guest access is required, SMB2 or SMB3 guest fallback can be temporarily enabled to allow access. However, SMB1 should not be used due to the security vulnerabilities of the old protocol. On current Windows 11 Pro Insider builds, the change is now enabled by default, and it will become generally available with the “next major release” of the operating system.
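Before re-enabling guest fallback for a NAS, it helps to see what the client is currently doing. The following audit script is an added example, not code from Microsoft or from this article. It relies on the `EnableInsecureGuestLogons` setting, the `SMB1Protocol-Client` feature name and event ID 31017 in the `Microsoft-Windows-SmbClient/Security` log, none of which are named on this page; the function name and the message parsing are assumptions.

```powershell
# Added example: report SMB guest-fallback state on a Windows client.
# Run from an elevated PowerShell session. The function name is hypothetical.
function Get-SmbGuestAuditReport {
    [CmdletBinding()]
    param(
        [int]$Days = 30   # how far back to look for rejected guest logons
    )

    $client = Get-SmbClientConfiguration

    # Event 31017 is written when the client refuses an insecure guest logon.
    $events = @()
    try {
        $events = Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-SmbClient/Security'
            Id        = 31017
            StartTime = (Get-Date).AddDays(-$Days)
        } -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches; that means "none".
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }

    # Assumption: the event text carries a "Server name: <host>" line.
    $servers = $events |
        ForEach-Object { if ($_.Message -match 'Server name:\s*(\S+)') { $Matches[1] } } |
        Sort-Object -Unique

    # SMB1 client feature state; needs elevation, so tolerate failure.
    $smb1 = 'Unknown'
    try {
        $smb1 = (Get-WindowsOptionalFeature -Online `
                 -FeatureName 'SMB1Protocol-Client' -ErrorAction Stop).State
    } catch { Write-Verbose "SMB1 feature query failed: $_" }

    [pscustomobject]@{
        GuestFallbackEnabled = [bool]$client.EnableInsecureGuestLogons
        SigningRequired      = [bool]$client.RequireSecuritySignature
        Smb1ClientState      = "$smb1"
        RejectedGuestServers = @($servers)
    }
}

Get-SmbGuestAuditReport | Format-List

# To turn guest fallback back off after a temporary exception:
# Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force
```

The servers listed under `RejectedGuestServers` are the devices that asked for a guest logon and are candidates for reconfiguration with real credentials.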