SMB Version 1 disabled in Azure Gallery Windows operating system images

Posted on August 29, 2017

Program Manager, Azure Security Engineering

The Azure security team has recently driven some changes into the default behavior of Windows operating system images that are available in the Azure gallery. These changes are in response to recent concerns over malware that has been able to take advantage of issues with the Server Message Block Version 1 (SMB v1) network file sharing protocol. The Petya and WannaCry ransomware attacks are just two examples of malware that has been able to spread due to weaknesses in SMB v1.

Due to the security issues related to the use of SMB v1, the SMB v1 protocol is disabled on almost all Windows operating systems in the Azure Gallery. The result of this change is that when you create a new virtual machine in the Azure Virtual Machines service, that virtual machine will have the SMB v1 protocol disabled by default. You will not need to disable the protocol manually, for example by using the method shown in the figure below.

[Figure: the "Turn Windows features on or off" dialog]
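The SMB v1 state that this dialog controls can also be read from PowerShell, which helps when confirming the default on a new virtual machine or measuring an SMB v1 footprint. The script below is an added example, not part of the original post; the function name `Get-Smb1Status` is hypothetical, and it assumes an elevated session on Windows 8 / Windows Server 2012 or later.

```powershell
# Added example: report whether SMB v1 is still present on this Windows VM.
function Get-Smb1Status {
    $status = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        OptionalFeature = 'Unknown'   # state of the SMB1Protocol Windows feature
        ServerEnabled   = $null       # does the SMB server accept SMB v1?
        ClientDriver    = 'Unknown'   # state of the SMB v1 client driver
    }

    # 1. The feature that "Turn Windows features on or off" toggles.
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        if ($feature) { $status.OptionalFeature = [string]$feature.State }
    } catch {
        $status.OptionalFeature = 'NotQueryable'
    }

    # 2. SMB server setting.
    try {
        $status.ServerEnabled = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch { }   # cmdlet unavailable: leave as $null

    # 3. SMB v1 client driver (mrxsmb10): Start = 4 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    if (Test-Path $key) {
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($null -eq $start)  { $status.ClientDriver = 'Unknown' }
        elseif ($start -eq 4)  { $status.ClientDriver = 'Disabled' }
        else                   { $status.ClientDriver = "Start=$start" }
    } else {
        $status.ClientDriver = 'NotInstalled'
    }

    # Flag the machine if any of the three checks shows SMB v1 available.
    $status.Smb1Present = ($status.OptionalFeature -like 'Enable*') -or
                          ($status.ServerEnabled -eq $true) -or
                          ($status.ClientDriver -like 'Start=*')
    [pscustomobject]$status
}

Get-Smb1Status | Format-List
```

A `Smb1Present` value of `True` means at least one SMB v1 component is still available on the machine and should be reviewed.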

While we expect to have little or no disruption due to these changes, there may be issues you want to consider:

  • What specific Windows operating system images are impacted by this change?
  • What is your current SMB v1 footprint?
  • What effect does this change have on your currently running virtual machines?
  • What about Linux and SMB v1?
  • What about PaaS Images? Are they involved with this change?
  • What tools are available for you to be alerted when SMB v1 is enabled on your virtual machines? Can Azure Security Center be helpful in this context?

To learn more about this change and these issues, please read "Disabling Server Message Block Version 1 (SMB v1) in Azure".