Microsoft Best Practice Analyzer Lies Today

I ran the BPA scan on one of my servers and it said that SMB v1.0 should be installed since it is not in a default configuration.

The only reason to bother enabling SMBv1.0 is to support legacy hardware, and then only on a VLAN completely separated from everything else. There have been vulnerabilities in that version of SMB for many years. Specifically, does anyone remember WannaCry? This BPA scan doesn’t seem like it’s been updated since before WannaCry and this is on a Windows Server 2019 Standard system. It makes me “wanna cry”.

Just search Google for “smb v1 exploit” and thousands of articles pop up.

https://cyware.com/news/what-is-smb-vulnerability-and-how-it-was-exploited-to-launch-the-wannacry-ransomware-attack-c5a97c48

I suppose I shouldn’t be so surprised that Microsoft has become complacent in updating their BPA software.

So, with that in mind, when you run your BPA scan, remember to take it with a grain of salt: the scan doesn’t know everything, and you might be better off going against what the analyzer utility says. It’s good for giving you a hint of what to check out, but it is not a task list.
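
One way to check the server's real SMBv1 state and see whether any client still asks for SMBv1 before deciding what to do with the BPA finding. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the Windows Server itself, and the `-EnableAudit` and `-Days` script parameters are names made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Read-only unless -EnableAudit is passed.
# -EnableAudit and -Days are hypothetical parameter names for this script.
param(
    [switch]$EnableAudit,   # turn on SMB1 access auditing if it is off
    [int]$Days = 7          # how far back to look for SMB1 access events
)

# 1. Are the optional SMB 1.0/CIFS feature and its sub-features installed?
Get-WindowsFeature -Name 'FS-SMB1*' |
    Select-Object Name, DisplayName, InstallState |
    Format-Table -AutoSize

# 2. What will the SMB server actually negotiate, and is auditing on?
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    Smb1ServerEnabled = $cfg.EnableSMB1Protocol
    Smb2ServerEnabled = $cfg.EnableSMB2Protocol
    Smb1AuditEnabled  = $cfg.AuditSmb1Access
} | Format-List

# 3. Optionally enable auditing so SMB1 access gets logged.
if ($EnableAudit -and -not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output 'SMB1 access auditing enabled.'
}

# 4. Event ID 3000 in the SMBServer audit log records SMB1 access.
#    Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$smb1Events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

if ($smb1Events) {
    # Each event message names the client involved.
    $smb1Events | Select-Object TimeCreated, Message | Format-List
} else {
    Write-Output "No SMB1 access events logged in the last $Days day(s)."
}
```

An empty result only means something if auditing was already enabled for the whole period being checked.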
