Microsoft has confirmed that the September 2025 Home windows safety updates are inflicting connection points to Server Message Block (SMB) v1 shares.
The checklist of platforms affected by this recognized problem is kind of in depth, because it consists of each consumer (Home windows 11 24H2/23H2/22H2 and Home windows 10 22H2/21H2) and server (Home windows Server 2025 and Home windows Server 2022) platforms.
In a service alert seen by BleepingComputer, Microsoft stated this recognized problem impacts these connecting to SMBv1 shares over the NetBIOS over TCP/IP (NetBT) networking protocol.
“After putting in the September 2025 Home windows safety replace (the Originating KBs listed above) or later updates, you may fail to hook up with shared recordsdata and folders utilizing the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP (NetBT),” the corporate stated.
“This problem can happen if both the SMB consumer or the SMB server has the September 2025 safety replace put in.”
Microsoft is now working to resolve this problem, and till a repair is on the market, it has offered impacted prospects with a brief workaround.
This requires them to permit visitors on TCP port 445, which is able to trigger the Home windows SMB connection to renew efficiently by switching to utilizing TCP as an alternative of NetBT.
The SMBv1 networking protocol was outmoded by SMBv2 and later protocols in 2007 and deprecated in 2014. SMBv1 is now not put in by default for the reason that launch of Home windows 10 model 1709 and Home windows Server model 1709.
Microsoft started disabling the 30-year-old SMBv1 file-sharing protocol by default for Home windows 11 House Insiders in April 2022. The first plans to take away SMBv1 from most Home windows variations had been introduced in June 2017, after initially disabling it in inside builds of Home windows Server 2016 and Home windows 10 Enterprise.
Microsoft has been warning admins to take away assist for SMBv1 on their community for years, because it lacks the safety enhancements added to newer variations of the protocol, together with pre-authentication integrity checks to stop man-in-the-middle (MiTM) assaults, insecure visitor authentication blocking, safety in opposition to safety downgrade assaults, and extra.
These warnings adopted the 2017 leak of a number of NSA exploits designed to use weaknesses within the SMBv1 protocol, which allowed instructions to be executed on weak servers with admin privileges.
A few of these exploits, comparable to EternalBlue and EternalRomance, had been later deployed within the wild by WannaCry, NotPetya, TrickBot, Emotet, Olympic Destroyer, and Retefe malware in harmful assaults or for credential theft.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration traits.