Protecting Legacy Windows Systems from Cyber Attacks: Upgrade Windows XP and Server 2003 to SMB3.1.1
June 28, 2017 by Tal Widerman
The WannaCry ransomware burst onto the world's computers in May 2017, sending IT managers into a panic, particularly at organizations that still use old operating systems running SMB1 (such as Windows XP, Windows Server 2003 and below).
Is there anything that vulnerable organizations can do to continue using legacy systems and still remain protected from such threats?
Protocols have evolved
The Microsoft SMBv1 file-sharing service is old, nearly 25 years old. WannaCry exploited SMBv1 through a worm that crawled across the world's networks into Windows systems. The protocol, like most of the software developed in the '80s, was designed for a world that no longer exists: a world without malicious actors, without vast sets of important data, without near-universal computer usage.
List of features supported in the latest SMB dialect.
The Petya attack on Win XP machines:
Why are so many organizations still stuck with the old and vulnerable SMBv1 protocol? The simple answer is that they find it technically or financially impossible to move forward and modernize all of their XP or Server 2003 machines to newer operating systems that support newer SMB dialects.
Then there are organizations that use the more recent Windows Vista, Windows 7 or Server 2008. They are better protected by the SMBv2 protocol, but are still not completely safe. Encrypted file sharing was introduced with the SMBv3 protocol that came with Windows 8 and Server 2012. See here for different versions of SMB protocols.
SMB1 days are over
Microsoft ended Windows XP support as of April 2014, and ended support of Windows 2003 in July 2015. This has led to a situation where slow movers and large organizations such as banks, universities, government offices, etc., use unsupported versions and are exposed to cyber-attacks through the SMBv1 breach, as these old operating systems support only SMBv1.
Recently, Microsoft has added more fuel to the fire and increased the pressure on these organizations with the announcement that, from Windows RedStone S3 onwards, SMBv1 will be disabled by default in Windows operating systems. This means that older machines that support only SMBv1 will not be able to communicate with newer machines.
Microsoft did disable SMBv1 as of January 2018. From then onwards, an attempt to connect to an SMBv1-only machine produces this error message:
"You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack."
Overcoming the obstacle
Visuality Systems understands the danger and difficulty that these organizations are confronted with, and offers a solution that allows organizations to continue using older Windows machines with the latest SMB protocol version. NQE™ is a portable solution that solves this issue by replacing the outdated SMBv1 with the latest SMB dialect in legacy Windows systems such as Windows XP, Server 2000, and Server 2003.