Jump to content
  • Sign Up
×
×
  • Create New...
New feature: 1 Vote = 0.10€ for server Owner!

Windows 11 24H2 may block connections to unsecured third-party NAS devices — Microsoft enables SMB signing for enhanced security

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted



Windows 11 24H2 may block connections to unsecured third-party NAS devices —
This is the hidden content, please
enables SMB signing for enhanced security

This is the hidden content, please
’s principal program manager, Ned Pyle, addressed new security changes with Windows 11 24H2 via the
This is the hidden content, please
. The changes will deny access to unsecured routers with USB ports and some Network Attached Storage devices. Pyle mentions that the upcoming upgrade abandons the much earlier variants of the Server Message Block (SMB) protocol and hence the potential issue.

Pyle explains that SMB1 is over forty years old, and warnings of its demise have been echoed since 2022. The Windows 11 24H2 takes one step forward, as it requires SMB signing by default, which will avoid tampering on the network. Guest fallback will be disabled on Windows 11 Pro Edition, which provides better security as it allows access to an SMB server without a username or password. 

This added security is long overdue as SMB signing has been available in Windows for thirty years as an option. Guest in Windows was deprecated twenty-five years ago, while the Guest fallback option was disabled in Windows 10 Enterprise, Education, and Pro for Workstation editions. These security implementations have also been present in Windows Insider Dev, and Canary builds for a year. Pyle says that this change in Windows 11 24H2 will secure over a billion devices as it will force NAS and router makers to update unpatched devices. 

SMB signing could serve as an added layer of security against malicious programs that access unsecured servers without the user’s knowledge and permission to transfer data. Pyle explains that the devices can no longer be tricked into connecting to a malicious server without login credentials, blocking access to ransomware or malicious programs designed to steal data. 

However, this would also mean blocking access to your NAS since it can’t differentiate between a server with malicious intent or a trusted NAS that doesn’t have the necessary protocols. Pyle explains that, as a result, it would generate the following error:

  • 0xc000a000
  • -1073700864
  • STATUS_INVALID_SIGNATURE
  • The cryptographic signature is invalid

NAS makers to follow suit?

Despite being disabled by default, one could revert the changes at the cost of having a less secure system. This is where device manufacturers must provide a security patch to unsecured devices. 

Pyle explains that

This is the hidden content, please
would like to know if users have routers with USB ports and NAS units that do not support SMB signing. He says, “If you have a third-party NAS device that doesn’t support SMB signing, we want to hear about it. Please email wontsignsmb@
This is the hidden content, please
.com with the make and model of your NAS device so we can share it with the world and perhaps get the vendor to fix it with an update.”

It’s also likely that the respective NAS and routers with USB ports may have the SMB signing but possibly turn it off by default. Users could probably turn it on via the NAS management software. However, this may encourage NAS and router makers to turn these off by default while providing the ability to turn on the SMB guest fallback option should the user need it. 

Helping to secure one’s network-attached drives is always going to be seen in a positive light by several users. It is also unlikely many NAS makers would risk being named by

This is the hidden content, please
as an unsecured device. Still, you’ll never know until Windows 11 24H2 is released and, eventually, a list of unsecured NASs is published. 

This isn’t the only security provision provided with Windows 11 24H2, but only time will tell how many users would be affected by this change.





This is the hidden content, please

#Windows #24H2 #block #connections #unsecured #thirdparty #NAS #devices #

This is the hidden content, please
#enables #SMB #signing #enhanced #security

This is the hidden content, please

For verified travel tips and real support, visit: https://hopzone.eu/
0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept