Microsoft plans to drop SMB1 binaries from Windows 11
Yet another nail in the coffin for aged and unsecure file-sharing protocol
Microsoft has taken another step toward the final eradication of the venerable SMB1 protocol with plans to disable it by default in all editions of Windows 11.
As is the company's wont, Dev Channel Windows Insiders will first have the protocol not installed for all editions. This will then be the default for the next major release of Windows 11, expected later this year. In-place upgrades, where SMB1 was already in use, aren't affected and administrators that really need it can deliberately pop it back on.
So 2022 will be the year when there will be no fresh installs of Windows 11 that has the aged protocol installed by default.
Microsoft's Ned Pyle, principal program manager in the Windows Server High Availability and Storage group, who has waged a war on the protocol for a good many years within the walls of Redmond, also had news for the future:
"We are going to remove the SMB1 binaries in a future release. Windows and Windows Server will no longer include the drivers and DLLs of SMB1."
Microsoft will still provide an install package for organizations that can't do without SMB1, but it will, according to Pyle, be unsupported. Something for that NAS that has lurked beneath the stairs for a decade or so, or the one weird bit of hardware on the factory floor.
There is a certain inevitability to the news. Microsoft had already shipped Windows 10 and Windows Server 1709 with SMB1 not installed by default. Windows 10 Home and Pro still had the client just in case. It would, however, be uninstalled automatically in unmanaged environments if not used for 15 days (excluding time during which the computer is off).
- Samba 4.16 release strips away more SMB 1
- Microsoft finds itself in odd position of sparing elderly, insecure protocols: Grants stay of execution to TLS 1.0, 1.1
- Microsoft has another crack at fixing Chrome problems in Windows 10
- Have to use SMB 1.0? Windows 10 April 2018 Update says NO
From Windows 10 1809, the Pro version no longer contained the SMB1 client by default.
SMB1 usage in Windows has been plummeting in recent years. The Register understands outbound traffic from the likes of Windows 10/11 and Windows Server 2016-2022 is hovering around the 0.5 percent mark, down from well above 30 percent seven years ago. Inbound traffic has similarly fallen into a deep ravine, and now accounts for just 0.8 percent.
Other groups were also sawing away at the file-sharing protocol. Bits of it have, for example, been removed from Samba 4.16 and the project had declared SMB1 deprecated and off by default since Samba 4.11. However, it is the final excising promised by Pyle in Windows that could result in those elderly NAS boxes that still depend on it being turned off for good.
As for why it has taken so long for Microsoft to get to this point, Pyle said simply: "I had to save this Home edition behavior for last, it's going to cause a consumer pain among folks who are still running very old equipment, a group that's the least likely to understand why their new Windows 11 laptop can't connect to their old networked hard drive."
With Windows 10 supported until 2025, it seems there will remain a glimmer of life in the old, hideously unsecure dog yet. However, the end is most definitely nigh. ®
- Advanced persistent threat
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Internet Explorer
- Kenna Security
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- Office 365
- Palo Alto Networks
- Patch Tuesday
- Remote Access Trojan
- SQL Server
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows XP
- Xbox 360
- Zero trust