Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Microsoft says SMB signing by default is coming to more editions of Windows

    Karlston

    By Karlston,
    Published Date:

    • 424 views
    • 2 minutes
     Share
    • 424 views
    • 2 minutes

    Earlier today, Microsoft released the latest Canary channel update of Windows 11 for members of the Insiders program. The new 25381 build for Enterprise editions now requires Server Message Block (SMB) signing by default for all connections.

     

    In a blog post, Microsoft Principal Program Manager Ned Pyle explained the reason for this move and also revealed that this change will be coming to more versions of Windows, along with Windows Server.

     

    While versions of both Windows and Windows Server have supported SMB signing for quite a while, Microsoft has been making a lot of recent moves to make it a bigger part of Windows security.

     

    In March 2022, Microsoft added the SMB authentication rate limiter to Insider builds. This rate limiter put in a 2-second timeout limit on each failed NTLM authentication attempt. That in theory should make it much harder for hackers to make multiple attempts to sign in.

     

    In January 2023, Microsoft said that Windows 11 Pro will soon start disabling insecure SMB guest authentication fallbacks. Today, Pyle stated this new move to make SMB signing the default is "part of a campaign to improve the security of Windows and Windows Server for the modern landscape."

     

    Pyle added:

     

    Expect this default change for signing to come to Pro, Education, and other Windows editions over the next few months, as well as to Windows Server. Depending on how things go in Insiders, it will then start to appear in major releases.

     

    In addition, we shouldn't expect this to be the end for SMB features in future versions of Windows, according to Pyle:

     

    We'll continue to push out more secure SMB defaults and many new SMB security options in the coming years; I know they can be painful for application compatibility and Windows has a legacy of ensuring ease of use, but security cannot be left to chance.

     

    It will be interesting to see how Microsoft's push of using SMB defaults will have an effect on truly making Windows safer to use in upcoming editions.

     

     

    Microsoft says SMB signing by default is coming to more editions of Windows

    • dabourzannan
    • Thanks 1
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...