Microsoft has acknowledged that the September 2025 Windows security updates are leading to connection difficulties with Server Message Block (SMB) v1 shares. This issue spans a wide range of platforms, affecting both client systems—specifically Windows 11 versions 24H2, 23H2, and 22H2, as well as Windows 10 versions 22H2 and 21H2—and server environments, including Windows Server 2025 and Windows Server 2022.
Details of the Connection Issue
In a service alert reported by BleepingComputer, Microsoft detailed that the problem arises when attempting to connect to SMBv1 shares via the NetBIOS over TCP/IP (NetBT) networking protocol. The company stated, “After installing the September 2025 Windows security update (the Originating KBs listed above) or later updates, you might fail to connect to shared files and folders using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP (NetBT).” This connectivity issue can occur if either the SMB client or server has the September 2025 security update applied.
Microsoft is working on a resolution. In the interim, the company has given affected customers a temporary workaround: allow network traffic on TCP port 445. With that port open, the Windows SMB connection switches from NetBT to TCP and succeeds.
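The following PowerShell triage script is an added example, not taken from Microsoft's alert or the original article. It is read-only and checks whether a machine still depends on SMBv1 and whether the TCP 445 path the workaround relies on is usable. The host name `fileserver01` is a placeholder, and the summary field names are illustrative.

```powershell
# Added example: read-only triage for the SMBv1-over-NetBT failure.
# 'fileserver01' is a placeholder; pass the real share host with -Server.
param([string]$Server = 'fileserver01')

# 1. Is SMBv1 installed or enabled locally? (needs an elevated prompt)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$srvCfg  = Get-SmbServerConfiguration

# 2. Which transport reaches the server?
#    139 = NetBT session service (the failing path), 445 = SMB directly over TCP.
$reach = @{}
foreach ($port in 139, 445) {
    $t = Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue
    $reach[$port] = [bool]$t.TcpTestSucceeded
}

# 3. Current client connections that negotiated an SMB 1.x dialect.
$smb1 = @(Get-SmbConnection | Where-Object { [string]$_.Dialect -like '1.*' })

# 4. Enabled local firewall rules that mention TCP 445 (inspection only).
$fw445 = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq '445' -or $_.RemotePort -eq '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Direction, Action)

[pscustomobject]@{
    Server            = $Server
    Smb1FeatureState  = $feature.State
    Smb1ServerEnabled = $srvCfg.EnableSMB1Protocol
    Port139Reachable  = $reach[139]
    Port445Reachable  = $reach[445]
    Smb1Connections   = $smb1.Count
    Tcp445RulesFound  = $fw445.Count
} | Format-List

if ($smb1.Count -gt 0) {
    "SMBv1 sessions in use (server / share):"
    $smb1 | Select-Object ServerName, ShareName, Dialect | Format-Table -AutoSize
}
if (-not $reach[445]) {
    "TCP 445 to $Server is blocked or closed: the workaround needs this path allowed."
} elseif ($smb1.Count -gt 0) {
    "TCP 445 is reachable; plan migration of the SMBv1 shares above to SMBv2 or later."
}
```

Keep any rule that allows TCP 445 scoped to internal file-server addresses rather than opening the port broadly.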
The Evolution of SMB Protocols
The SMBv1 networking protocol has been largely phased out, having been superseded by SMBv2 and later iterations since 2007 and officially deprecated in 2014. SMBv1 has not been installed by default since the release of Windows 10 version 1709 and Windows Server version 1709. Microsoft also began disabling this three-decade-old protocol by default for Windows 11 Home Insiders in April 2022, following initial plans, announced in June 2017, to remove SMBv1 from most Windows versions.
For years, Microsoft has urged system administrators to eliminate support for SMBv1 within their networks because it lacks the security enhancements of newer protocol versions. Those enhancements include pre-authentication integrity checks to thwart man-in-the-middle (MiTM) attacks, blocking of insecure guest authentication, and safeguards against security downgrade attacks.
The impetus for these warnings intensified after the 2017 leak of various NSA exploits that targeted vulnerabilities in the SMBv1 protocol. These exploits allowed unauthorized commands to be executed on susceptible servers with administrative privileges. Notable examples, such as EternalBlue and EternalRomance, were later utilized in widespread attacks by malware like WannaCry, NotPetya, TrickBot, Emotet, Olympic Destroyer, and Retefe, resulting in significant damage and credential theft.
As the landscape of cybersecurity continues to evolve, the importance of adhering to best practices in network security remains paramount for organizations worldwide.