No SMB related entries in HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters?
WCry exploits a problem of an unpatched Windows system. The problem is located in the SMBv1 (Server Message Block) implementation.
If the registration key HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 (type should be DWORD) is set to 0, it's use is disabled. The default value is 1, i.e. if the key is not present in the registry, it will be treated like it has the value 1.
Related videos on Youtube
02 : 21
02 : 29
00 : 58
![Securing SMB (Read Note in Description) [Windows Server 2019]](https://i.ytimg.com/vi/Dft8TB-SagY/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBV9mNJzFbPC4RJZjsd4DI_6CoYSQ)
16 : 44
04 : 20
glaucon
Updated on September 18, 2022Comments
-
glaucon almost 2 years
This microsoft webpage provides guidance, amongst other things, on disabling SMB1 in Windows 2008.
It mentions a registry key
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1.I haven't yet followed any of those instructions but when I inspect
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameterson a W2008 machine there is no entry for SMB1 (or any other entries which appear to relate to SMB).What is the significance of this? Is it possible to have configured the machine so that it knows nothing about SMB?
-
Ryan Bolger about 7 yearsIn other words, SMB1 is on by default you must create the key/value if it doesn't exist and you want to turn it off.