Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-254275 | SRG-OS-000095-GPOS-00049 | WN22-00-000380 | SV-254275r958478_rule | 2025-02-25 | 2 |
| Description |
|---|
| SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks and is not FIPS compliant. |
| ℹ️ Check |
|---|
| Different methods are available to disable SMBv1 on Windows Server 2022. This is the preferred method, however if WN22-00-000390 and WN22-00-000400 are configured, this is NA. Open "Windows PowerShell" with elevated privileges (run as administrator). Enter "Get-WindowsFeature -Name FS-SMB1". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding. |
| ✔️ Fix |
|---|
| Uninstall the SMBv1 protocol. Open "Windows PowerShell" with elevated privileges (run as administrator). Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart". (Omit the Restart parameter if an immediate restart of the system cannot be done.) Alternately: Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page. Click "Next" and "Remove" as prompted. |