0
With the whole WannaCry issue our headquarters wants to disable SMBv1.
Our shop received a few servers that they are stating has SMBv1 on. I have scanned the servers with Get-WindowsFeature
and Get-WMIObject win32_optionalfeature
and only one server comes back with SMBv1 feature installed.
I did a Get-SmbServerConfiguration
command and it states that EnableSMB1Protocol attribute is showing false.
My question, is there another way to find out if SMBv1 is installed/enabled that I'm missing, since they are stating multiple servers have it.
Yet, I am only pulling one server that has it installed, but the feature is disabled?
I'm honestly scared that it's taken organisations what seems like a week to react to something like this. Then again, I'm also not surprised :( – djsmiley2k TMW – 2017-05-24T15:02:43.333
@djsmiley2k - A week? The specific vulerability WannaCry exploited was fxied back in March. This means it has taken them more then 3 months worth of patches (May 2017 cumulative quality patches have already been released). We are talking more then 8 weeks at this point. If I am not mistaken, I do believe the patch released back in March, was specifically linked back to the vulerability at the time of release. Microsoft just didn't indicate whom told them about the vulerability. – Ramhound – 2017-05-24T16:30:06.827