Microsoft Windows Server 2019

Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed

STIG ID: WN19-00-000380 | SRG: SRG-OS-000095-GPOS-00049 | Severity: Medium | CCI: CCI-000381 | Vulnerability ID: V-205682

Description

SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks and is not FIPS compliant.

Check

C-5947r819710_chk

Different methods are available to disable SMBv1 on Windows Server 2019. This is the preferred method; however, if WN19-00-000390 and WN19-00-000400 are configured, this is NA.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Get-WindowsFeature -Name FS-SMB1".

If "Installed State" is "Installed", this is a finding.

An Installed State of "Available" or "Removed" is not a finding.
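The check above can be run against several servers at once and mapped to a finding status. The script below is an added example, not part of the STIG content. The function name Test-Smb1FeatureState and the sample host names are hypothetical, and the script does not evaluate the WN19-00-000390 / WN19-00-000400 exception, so a "Finding" result still has to be read against that NA condition.

```powershell
#Requires -RunAsAdministrator
# Added example: report the FS-SMB1 install state per server and map it
# to the finding logic of this check. Remote queries assume the ServerManager
# module is available locally and remote management is enabled on the targets.

function Test-Smb1FeatureState {
    param(
        # Defaults to the local server when no names are given.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        try {
            $feature = Get-WindowsFeature -Name FS-SMB1 -ComputerName $computer -ErrorAction Stop
            $state   = [string]$feature.InstallState

            # "Installed" is a finding; "Available" and "Removed" are not.
            # Any other or empty value is flagged for manual review, not guessed.
            $status = switch ($state) {
                'Installed' { 'Finding' }
                'Available' { 'Not a finding' }
                'Removed'   { 'Not a finding' }
                default     { 'Review manually' }
            }
        }
        catch {
            # Unreachable host or access denied: record it, do not report it as compliant.
            $state  = 'Unknown'
            $status = "Query failed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName = $computer
            InstallState = $state
            Status       = $status
        }
    }
}

# Constructed host names for illustration; replace with the servers in scope.
$servers = @('FILESRV01', 'FILESRV02')
Test-Smb1FeatureState -ComputerName $servers | Format-Table -AutoSize
```

Servers where the query fails are listed with the error text so they are not silently counted as compliant.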

Fix

F-5947r354965_fix

Uninstall the SMBv1 protocol.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart".

(Omit the Restart parameter if an immediate restart of the system cannot be done.)

Alternately:

Start "Server Manager".

Select the server with the feature.

Scroll down to "ROLES AND FEATURES" in the right pane.

Select "Remove Roles and Features" from the drop-down "TASKS" list.

Select the appropriate server on the "Server Selection" page and click "Next".

Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page.

Click "Next" and "Remove" as prompted.