The most severe of these vulnerabilities is CVE-2017-0143, or, “Windows SMB Remote Code Execution Vulnerability”, which allows remote attackers to execute arbitrary code via crafted packets. A successful exploit could lead to attackers obtaining sensitive information from process memory. These exploits work even up to recent versions of Windows 10; however, a Windows update was released in March 2017 to resolve these vulnerabilities, and applies to operating systems Windows Vista and later, and Windows Server 2008 and later. The update, MS17-010, resolves these vulnerabilities by correcting how SMBv1 handles specially crafted requests.
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 –Force
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 1 –Force
Alternatively, for Server 2012 R2 and later – Open Server Manager, click Manage in the top right bar, and select “Remove Roles and Features”. Click Next until you can select the Features tab in the left pane. In the Features window, uncheck the SMB1.0/CIFS File Sharing Support box, click OK, and restart the system.