Is SMB 1.0 more vulnerable at the client level or server level

Obsolesce

@scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:

@Obsolesce said in Is SMB 1.0 more vulnerable at the client level or server level:

If you use one of these, you don't need to lock your car door anymore!

Until someone just steals your wallet sitting on the seat.

Lol exactly.

PhlipElder

@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

On Windows 10 you can enable SMB1.0 Server or Client. Does enabling just the client side make the Windows 10 system vulnerable? What I am trying to figure out is if I have a special machine running XP and need to pull data from a share on it, can I enable SMB 1.0 client on a Windows 10 machine, connect a crossover cable and have the 10 machine pull data from the XP share safely? The 10 machine would then move the copied data onto the primary server running Windows Server 2016.

If this is a horrible idea are there any suggestions to make this a secure setup other than replacing the XP machine.

Thanks

Both. We've seen Emotet gobble up an entire network where nothing has been done to patch for EternalBlue which is the exploit in SMBv1.

We remove it _everywhere we manage a network on all endpoints. Period. Full Stop.