Microsoft drops SMB1 firewall rules in new Windows 11 build
Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992 build. [...]
Windows 11 is Microsoft's desktop operating system, whose updates, security controls, and flaws affect the protection of PCs and their data.
Search across headline titles and summaries.
Background for this topic.
Windows 11 is Microsoft’s desktop operating system for personal computers and organizational endpoints. Its security model can use hardware-backed protections such as TPM 2.0 and Secure Boot, while virtualization-based security (VBS), credential isolation, Microsoft Defender, and Windows Hello help protect the boot process, credentials, and user sessions. These controls depend on compatible hardware, enabled policies, and correctly configured drivers and applications; they are not automatic protection against every attack.
For security teams, Windows 11 is a major vulnerability-management and endpoint-monitoring scope. Monthly updates address flaws that may enable privilege escalation, remote code execution, or security-control bypass, while third-party software, kernel drivers, and misconfigured services add attack surface. Organizations should maintain supported builds, test and deploy patches, verify Secure Boot and VBS posture, protect recovery and administrator credentials, and retain telemetry useful for detecting persistence or lateral movement. Hardware and configuration differences also matter when assessing exposure and forensic evidence.
Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992 build. [...]