SMBv1 Vulnerabilities
Note
RapidIdentity now supports SMBv2 as of 2018.8.9 rolling and 2019.1.31.0 LTS. Identity Automation recommends upgrading to at least the latest 2019.1.31.x LTS version of RapidIdentity.
In April of 2017, an enormous number of hacking tools and exploits collected and used by the NSA were released in the infamous Shadow Brokers dump. To minimize the ensuing attack footprint and damage casued by those looking to exploit these new public vulnerabilities, vendors such as Microsoft and Cisco have issued software updates and patches.
One of the biggest issues that came to the forefront is the continued use of an older protocol, Server Message Block version 1 (SMB v1), which was exploited by the WannaCry ransomware worm. Other SMBv1 exploits are also rapidly being seen in the wild. However, research and statistics show that a large number (40%) of internet-facing systems still have not been patched.
Steps to Protect Your Organization
To remediate the SMBv1 vulnerability, Microsoft recommends that all Windows Server customers immediately apply the following patch: Security Update for Microsoft Windows SMB Server (4103389). You can verify that the patch has successfully been applied by following the steps provided by Microsoft.
As recently as June 27th, 2017, a ransomware attack has surfaced that uses the SMBv1 attack vector along with some additional functionality. This malware, named Petya, requires further steps to ensure your systems are protected.
Should you choose to disable SMBv1 on your Windows machines, please note that this will break some "out of the box" RapidIdentity Folders and RapidIdentity Portal Files module functionality. We are investigating workarounds that utilize RapidIdentity Connect and CLI actions to perform the same or similar functions. However, at this time, we cannot guarantee that all broken functionality can be replicated. Therefore, we are only recommending that you patch your systems at this time.
If you have already disabled SMBv1 and are experiencing functionality issues with your RapidIdentity instance, please contact our Support team at support@idauto.net to discuss how we might be able to assist you.
Longer-Term Solutions
RapidIdentity now supports SMBv2 as of 2018.8.9 rolling and 2019.1.31.0 LTS. Identity Automation recommends upgrading to at least the latest 2019.1.31.x LTS version of RapidIdentity.
As is best practice, keep current with all system patches, Windows, Linux, applications, etc. As always, please submit a ticket if you need further assistance from the Identity Automation Support team.