
Windows 11 to require SMB signing to prevent NTLM relay attacks
2023-06-02 18:22

Microsoft says SMB signing will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build rolling out to Insiders in the Canary Channel.

"This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them," Microsoft said.

This security mechanism has been available for a while now, starting with Windows 98 and 2000, and it has been updated in Windows 11 and Windows Server 2022 to improve performance and protection by significantly accelerating data encryption.

While blocking NTLM relay attacks should be at the top of the list for any security team, Windows admins might take issue with this approach since it could lead to lower SMB copy speeds.

"Expect this default change for signing to come to Pro, Education, and other Windows editions over the next few months, as well as to Windows Server. Depending on how things go in Insiders, it will then start to appear in major releases," said Microsoft Principal Program Manager Ned Pyle.
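Until the new default reaches a given edition, the current state of a machine can be checked directly. The script below is an added example, not code from Microsoft or the original article: it reads the SMB client and server signing requirement with the built-in `SmbShare` cmdlets and cross-checks the registry values behind them. The function name `Get-SmbSigningState` is hypothetical.

```powershell
# Added example: report whether this host requires SMB signing, both as a
# client (outbound connections) and as a server (inbound connections).
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

function Get-SmbSigningState {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $roles = @(
        @{ Role = 'Client (outbound)'; Config = Get-SmbClientConfiguration
           Key  = "$base\LanmanWorkstation\Parameters" }
        @{ Role = 'Server (inbound)';  Config = Get-SmbServerConfiguration
           Key  = "$base\LanmanServer\Parameters" }
    )

    foreach ($r in $roles) {
        # Registry value is absent on some builds; treat absence as "not set".
        $reg = (Get-ItemProperty -Path $r.Key -Name RequireSecuritySignature `
                    -ErrorAction SilentlyContinue).RequireSecuritySignature
        $required = [bool]$r.Config.RequireSecuritySignature

        [pscustomobject]@{
            Role           = $r.Role
            RequireSigning = $required
            RegistryValue  = if ($null -eq $reg) { 'not set' } else { $reg }
            Status         = if ($required) { 'OK' } else { 'NOT REQUIRED' }
        }
    }
}

$state = Get-SmbSigningState
$state | Format-Table -AutoSize

if ($state.Status -contains 'NOT REQUIRED') {
    Write-Warning 'SMB signing is not required for at least one role on this host.'
    # To enforce it (check third-party SMB device compatibility and copy
    # throughput first):
    #   Set-SmbClientConfiguration -RequireSecuritySignature $true
    #   Set-SmbServerConfiguration -RequireSecuritySignature $true
}
```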

In April 2022, Microsoft announced the final phase of disabling SMB1 in Windows, turning the 30-year-old file-sharing protocol off by default for Windows 11 Home Insiders.


News URL

https://www.bleepingcomputer.com/news/security/windows-11-to-require-smb-signing-to-prevent-ntlm-relay-attacks/