Microsoft has just unveiled its latest Windows 11 update, Build 25951, designed to significantly enhance network and data safety. This rollout, exclusive to the Windows Insiders in the Canary Channel, introduces pivotal changes to the Server Message Block (SMB) protocol.

 

Here, we delve deep into these modifications, offering insights into how Microsoft is redefining security standards for both individual users and enterprises. Join us as we break down these advancements and their implications for the broader digital community.

 

Windows 11 Update Boosts Security: A Deep Dive into SMB Enhancements
Windows 11 Insider Preview Build 25951

 

What's new and improved in Windows 11 Insider Preview Build 25951?

A Deep Dive into SMB Enhancements

1. Blocking NTLM in SMB

The first major change concerns the SMB client's newfound ability to block NTLM for remote outbound connections. For context, the legacy behavior allowed Windows SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) to negotiate with destination servers using various security packages, including Kerberos, NTLM, and others. NTLM here encompasses all versions of the LAN Manager security package, namely LM, NTLM, and NTLMv2.

 

 

This change provides administrators with the option to intentionally prevent Windows from offering NTLM via SMB. The direct implication of this is increased security: malicious actors attempting to coax users or applications into sending NTLM challenge responses will find their attempts fruitless.

 

These attackers won't obtain any NTLM data, rendering brute force attacks, password cracking, or pass-the-password techniques ineffective. Importantly, this new layer of protection can be introduced without needing to disable NTLM completely in the OS.

 

Administrators can flexibly configure this option through Group Policy and PowerShell. Additionally, there's the ability to block NTLM in SMB connections on the fly with NET USE and PowerShell commands.

 

 

2. SMB Dialect Management

The second key change in this build is the enhanced control over SMB 2 and 3 dialects on the SMB server. Previously, Windows SMB would automatically negotiate the highest matched server dialect between SMB 2.0.2 to 3.1.1 clients. Though Windows 10 had introduced the feature to control SMB client dialects, the same wasn't true for server dialects.

 

Now, administrators have the power to eliminate older SMB protocols from being used within their network, thereby shutting the door on older, potentially vulnerable, or less capable Windows devices and third-party systems. This strategic move underscores Microsoft's commitment to allowing only the most secure connections.

 

 

Setting up this feature is straightforward, with options available in Group Policy and PowerShell. In a significant step forward, both SMB client and server now possess full management support, eliminating the previous need for manual registry editing on the client side.

 

Further Refinements

Beyond these major changes, Microsoft also unveiled a UI tweak: the network flyout on the Lock screen has been adjusted to align more cohesively with the network flyout's UI in the system tray's quick settings.

 

 

In Conclusion

With the release of Windows 11 Build 25951, Microsoft once again highlights its dedication to ensuring both user and enterprise security. The SMB protocol improvements are a testament to their continuous efforts to create a secure ecosystem, combining the flexibility of configuration with robust protective measures.

 

Have a question? Or, a comment? Let's Discuss it below...

Thank you for visiting our website!

We value your engagement and would love to hear your thoughts. Don't forget to leave a comment below to share your feedback, opinions, or questions.

We believe in fostering an interactive and inclusive community, and your comments play a crucial role in creating that environment.