The Server Message Block (SMB) v1 protocol must be uninstalled.

An XCCDF Rule

Description

SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks and is not FIPS compliant.

ID: SV-224856r958478_rule
Version: WN16-00-000410
Severity: Medium
References: CCI-000381
Updated: 15 days ago

Remediation Templates

Uninstall the SMBv1 protocol.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart".
(Omit the Restart parameter if an immediate restart of the system cannot be done.)
Alternately:

Start "Server Manager".

Select the server with the feature.

Scroll down to "ROLES AND FEATURES" in the right pane.

Select "Remove Roles and Features" from the drop-down "TASKS" list.

Select the appropriate server on the "Server Selection" page and click "Next".

Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page.

Click "Next" and "Remove" as prompted.

The Server Message Block (SMB) v1 protocol must be uninstalled.

Description

Remediation Templates

A Manual Procedure