Skip to content
Get A Demo
Free SIEM

    Server Message Block (SMB)

    Server Message Block (SMB) is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports. SMB is also known as the Common Internet File System (CIFS).

    After several critical SMB vulnerabilities, in 2017, US-CERT released the following message:

    In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.

    US-CERT recommends that users and administrators consider:

    • disabling SMBv1 and
    • blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

    US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 and 204279.