Shulou(Shulou.com)11/24 Report--

CTOnews.com January 14 news, Microsoft official technology blog recently updated a blog post, Microsoft chief project manager Ned Pyle said Win11 Professional will disable SMB guest authentication service by default, think this service has many unsafe places.

Microsoft recently released Win11 Build 25267 and Build 25276 two preview versions have been disabled by default to enhance security.

Microsoft says SMB guest authentication is disabled because the protocol does not support audit trails and security mechanisms such as signatures and certificates. Therefore, many hackers use man-in-the-middle (MITM) attacks, even in server scenarios. In the worst case scenario, malicious actors can use guest logins to gain read or copy access to the entire network without leaving any audit trail.

Since Windows 2000, visitors are not allowed to log in by default. Similarly, Windows 10 Education and Enterprise editions do not allow SMB2 and SMB3 to fall back to guest logins after attempting to enter an incorrect password.

Interestingly, while Windows 11 Professional Insider Preview disables guest authentication by default, Windows 10 Professional does not.

CTOnews.com has learned that if a legitimate remote storage device requires guest access using SMB (usually consumer or small NAS), users may see the following error when connecting from Win11 Pro:

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Error code: 0x80070035

The network path was not found.

Event Log Name: Microsoft-Windows-SmbClient/Security

Source: Microsoft-Windows-SMBClient

Date: Date/Time

Event ID: 31017

Task Category: None

Level: Error

Keywords: (128)

User: NETWORK SERVICE

Computer: ServerName.contoso.com

Description: Rejected an insecure guest logon.

User name: Ned

Server name: ServerName

If you see the error above, the recommended solution is to configure the remote device to stop requiring guest authentication. If your device allows guest access, any device or individual on your network can read or copy all of your shared data without any audit trail or credentials.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.