SV-87951.md
---
scapolite:
  class: rule
  version: '0.51'
id: SV-87951
id_namespace: mil.disa.Windows-Server-2016-STIG
title: The Server Message Block (SMB) v1 protocol must be uninstalled.
rule: <see below>
description: <see below>
applicability:
  - system: org.scapolite.xccdf.applicability
    weight: 10.0
    selected: false
    role: ''
    severity: medium
implementations:
  - relative_id: F-84915r1
    description: <see below>
checks:
  - relative_id: C-77761r1
    description: <see below>
  - relative_id: '01'
    title: OVAL-based check
    description: <see below>
    automations:
      - system: http://oval.mitre.org/XMLSchema/oval-definitions-5
        idref: oval:mil.disa.stig.windows:def:1259
        href: U_MS_Windows_Server_2016_V1R7_STIG_SCAP_1-2_Benchmark-oval.xml
crossrefs:
  - system: http://iase.disa.mil/cci
    idref: CCI-000381
    relation: ''
history:
  - version: r2
    action: created
    description: WN16-00-000410
    internal_comment: ''
---
## /rule
The Server Message Block (SMB) v1 protocol must be uninstalled.
## /description
[**VulnDiscussion**]{.separator type='STIG'}
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks and is not FIPS compliant.
[**Documentable**]{.separator type='STIG'}
false
## /implementations/0/description
Uninstall the SMBv1 protocol.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart".

(Omit the Restart parameter if an immediate restart of the system cannot be done.)

Alternately:

Start "Server Manager".

Select the server with the feature.

Scroll down to "ROLES AND FEATURES" in the right pane.

Select "Remove Roles and Features" from the drop-down "TASKS" list.

Select the appropriate server on the "Server Selection" page and click "Next".

Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page.

Click "Next" and "Remove" as prompted.
## /checks/0/description
Different methods are available to disable SMBv1 on Windows 2016. This is the preferred method; however, if V-78123 and V-78125 are configured, this is NA.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Get-WindowsFeature -Name FS-SMB1".

If "Installed State" is "Installed", this is a finding.

An Installed State of "Available" or "Removed" is not a finding.
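
The manual check above can be scripted across several servers. The following is an added example, not part of the DISA check content: the function names, the `-AlternateRulesConfigured` switch and the result labels are hypothetical, and whether V-78123 and V-78125 are configured is assumed to be determined separately by the assessor.

```powershell
# Added example, not DISA check content. Names and result labels are hypothetical.

# Map the feature's InstallState to a result, following the check text.
function Get-Smb1Finding {
    param(
        # InstallState reported by Get-WindowsFeature (empty if nothing was returned).
        [string]$InstallState,
        # Assessor's determination that V-78123 and V-78125 are both configured.
        [switch]$AlternateRulesConfigured
    )
    if ($AlternateRulesConfigured) { return 'NotApplicable' }
    switch ($InstallState) {
        'Installed' { return 'Finding' }
        'Available' { return 'NotAFinding' }
        'Removed'   { return 'NotAFinding' }
        default     { return 'NotReviewed' }   # any other value, or query failure
    }
}

# Query FS-SMB1 on each server and emit one result object per server.
function Test-Smb1Feature {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [switch]$AlternateRulesConfigured
    )
    foreach ($computer in $ComputerName) {
        $state = $null
        try {
            $feature = Get-WindowsFeature -Name FS-SMB1 -ComputerName $computer -ErrorAction Stop
            if ($feature) { $state = [string]$feature.InstallState }
        } catch {
            # A failed query must not be reported as compliant.
            Write-Warning "$computer : query failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            ComputerName = $computer
            Rule         = 'SV-87951'
            InstallState = $state
            Result       = Get-Smb1Finding -InstallState $state -AlternateRulesConfigured:$AlternateRulesConfigured
        }
    }
}

# Constructed state values, to exercise the mapping without querying a server.
'Installed', 'Available', 'Removed', '' | ForEach-Object {
    '{0,-10} -> {1}' -f $_, (Get-Smb1Finding -InstallState $_)
}
```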
## /checks/1/description
IASE supplies an OVAL check.