Editing Server Message Block (section)

== Security ==
Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components on which it directly relies.<ref>{{cite web|url=http://support.microsoft.com/kb/329170|title=MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified|publisher=[[Microsoft]]|access-date=November 1, 2009|date=December 1, 2007|archive-url=https://web.archive.org/web/20091008113615/http://support.microsoft.com/kb/329170|archive-date=October 8, 2009|url-status=live}}</ref><ref>{{cite web|url=http://support.microsoft.com/kb/958687|title=MS09-001: Vulnerabilities in SMB could allow remote code execution|publisher=[[Microsoft]]|access-date=November 1, 2009|date=January 13, 2009|archive-url=https://web.archive.org/web/20091005062727/http://support.microsoft.com/kb/958687|archive-date=October 5, 2009|url-status=live}},</ref> Other vendors' security vulnerabilities lie primarily in a lack of support for newer [[authentication protocol]]s like [[NTLMv2]] and [[Kerberos (protocol)|Kerberos]] in favor of protocols like NTLMv1, [[LM hash|LanMan]], or [[plaintext]] passwords. Real-time attack tracking<ref>{{cite web|url=http://www.sicherheitstacho.eu|title=Sicherheitstacho.eu|publisher=[[Deutsche Telekom]]|access-date=March 7, 2013|date=March 7, 2013|archive-url=https://web.archive.org/web/20130308043532/http://www.sicherheitstacho.eu/|archive-date=March 8, 2013|url-status=live}}</ref> shows that SMB is one of the primary attack vectors for intrusion attempts,<ref>{{cite web|url=https://www.us-cert.gov/ncas/alerts/TA14-353A|title=Alert (TA14-353A) Targeted Destructive Malware|publisher=[[US-CERT]]|access-date=December 20, 2014|archive-url=https://web.archive.org/web/20141220134115/https://www.us-cert.gov/ncas/alerts/TA14-353A|archive-date=December 20, 2014|url-status=live}}</ref> for example the [[Sony Pictures hack|2014 Sony Pictures attack]],<ref>{{cite web|url=http://www.securityweek.com/hackers-used-sophisticated-smb-worm-tool-attack-sony|title=Sony Hackers Used Server Message Block (SMB) Worm Tool|date=19 December 2014 |access-date=December 20, 2014|archive-url=https://web.archive.org/web/20141220134150/http://www.securityweek.com/hackers-used-sophisticated-smb-worm-tool-attack-sony|archive-date=December 20, 2014|url-status=live}}</ref> and the [[WannaCry ransomware attack]] of 2017.<ref>{{cite news|url=http://www.eweek.com/security/wannacry-ransomware-attack-hits-victims-with-microsoft-smb-exploit|title=WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit|work=[[eWeek]]|access-date=13 May 2017}}</ref> In 2020, two SMB high-severity vulnerabilities were disclosed and dubbed as [[SMBGhost (security vulnerability)|SMBGhost]] ([https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 CVE-2020-0796]) and [https://www.hackreports.com/smbleed-smbghost-latest-windows-smb-protocol-vulnerability-smbleedingghost/ SMBleed] ([https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206 CVE-2020-1206]), which when chained together can provide [[Remote code execution|RCE (Remote Code Execution)]] privilege to the attacker.<ref>{{Cite web|date=2020-06-09|title=SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost|url=https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/|access-date=2020-11-19|website=ZecOps Blog|language=en|archive-date=2020-11-27|archive-url=https://web.archive.org/web/20201127202823/https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/|url-status=live}}</ref>