SMB Security Best Practices

In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.

US-CERT recommends that users and administrators consider:

• disabling SMB v1 and
• blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

US-CERT cautions users and administrators of potential issues that could be created by disabling SMB v1. For more information on SMB, review Microsoft Security Advisories 2696547(link is external) and 204279(link is external).