DevSec Hardening Framework project is releasing a new minor release chef-windows-hardening today.
The release introduces the, always, disabling of SMB1 protocol on Windows operating systems.
Note: This resource was introduced in the wake of the WannaCrypt/WannaCry ransomware worm which exploits a known vulnerability in the SMBv1 protocol
Highlights and breaking changes:
- Enforce the disabling of SMBv1 on all versions of Windows, regardless of installation or whether the feature is enabled (e.g. Windows 2016)
['windows_hardening']['smbv1']['disable']allows the disabling/enabling of the enforcement of disabling SMBv1