---
scapolite:
    class: rule
    version: '0.51'
id: SV-87951
id_namespace: mil.disa.Windows-Server-2016-STIG
title: The Server Message Block (SMB) v1 protocol must be uninstalled.
rule: <see below>
description: <see below>
applicability:
  - system: org.scapolite.xccdf.applicability
    weight: 10.0
    selected: false
    role: ''
    severity: medium
implementations:
  - relative_id: F-84915r1
    description: <see below>
checks:
  - relative_id: C-77761r1
    description: <see below>
  - relative_id: '01'
    title: OVAL-based check
    description: <see below>
    automations:
      - system: http://oval.mitre.org/XMLSchema/oval-definitions-5
        idref: oval:mil.disa.stig.windows:def:1259
        href: U_MS_Windows_Server_2016_V1R7_STIG_SCAP_1-2_Benchmark-oval.xml
crossrefs:
  - system: http://iase.disa.mil/cci
    idref: CCI-000381
    relation: ''
history:
  - version: r2
    action: created
    description: WN16-00-000410
    internal_comment: ''
---


## /rule

The Server Message Block (SMB) v1 protocol must be uninstalled.

## /description

[**VulnDiscussion**]{.separator type='STIG'}

SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks and is not FIPS compliant.

[**Documentable**]{.separator type='STIG'}

false

## /implementations/0/description

Uninstall the SMBv1 protocol.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart".
(Omit the Restart parameter if an immediate restart of the system cannot be done.)

Alternately:

Start "Server Manager".

Select the server with the feature.

Scroll down to "ROLES AND FEATURES" in the right pane.

Select "Remove Roles and Features" from the drop-down "TASKS" list.

Select the appropriate server on the "Server Selection" page and click "Next".

Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page.

Click "Next" and "Remove" as prompted.

## /checks/0/description

Different methods are available to disable SMBv1 on Windows 2016. This is the preferred method; however, if V-78123 and V-78125 are configured, this is NA.

Open "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Get-WindowsFeature -Name FS-SMB1".

If "Installed State" is "Installed", this is a finding.

An Installed State of "Available" or "Removed" is not a finding.
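
The check above as a PowerShell audit function, added here as an example that is not part of the STIG text or the benchmark content. The function name, the `-AlternateRulesConfigured` switch and the status strings are assumptions; the switch only records the reviewer's determination that V-78123 and V-78125 are configured and does not verify them.

```powershell
# Added example: evaluates the FS-SMB1 install state for SV-87951.
# Run from an elevated Windows PowerShell session on the server under review.
function Test-Smb1FeatureRemoved {          # hypothetical helper name
    [CmdletBinding()]
    param(
        # Assumption: set by the reviewer when V-78123 and V-78125 are
        # already configured, which makes this check NA.
        [switch]$AlternateRulesConfigured
    )

    $result = [ordered]@{
        Rule         = 'SV-87951'
        ComputerName = $env:COMPUTERNAME
        InstallState = $null
        Status       = $null
    }

    if ($AlternateRulesConfigured) {
        $result.Status = 'NotApplicable'
        return [pscustomobject]$result
    }

    try {
        # -ErrorAction Stop turns a missing ServerManager module into a caught error
        $feature = Get-WindowsFeature -Name FS-SMB1 -ErrorAction Stop
    } catch {
        $result.Status = "NotReviewed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    if (-not $feature) {
        # The query returned nothing, so there is no state to evaluate
        $result.Status = 'NotReviewed: FS-SMB1 not listed'
        return [pscustomobject]$result
    }

    $result.InstallState = $feature.InstallState.ToString()
    $result.Status = switch ($result.InstallState) {
        'Installed' { 'Finding' }
        'Available' { 'NotAFinding' }
        'Removed'   { 'NotAFinding' }
        default     { 'NotReviewed: unexpected install state' }
    }
    [pscustomobject]$result
}

Test-Smb1FeatureRemoved
```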

## /checks/1/description

IASE supplies an OVAL check.