Full Report
Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. [...]
Analysis Summary
# Vulnerability: Microsoft September 2025 Updates Break SMBv1 Connections over NetBT
## CVE Details
- CVE ID: Not specified in the context (This is a known issue/bug, not explicitly linked to a CVE in the description)
- CVSS Score: N/A (Functionality break, not a security vulnerability summary)
- CWE: N/A
## Affected Systems
- Products: Windows 11 (24H2, 23H2, 22H2), Windows 10 (22H2, 21H2), Windows Server 2025, Windows Server 2022
- Versions: Systems running the September 2025 Windows security updates or later.
- Configurations: Affects connections to Server Message Block (SMB) v1 shares using the NetBIOS over TCP/IP (NetBT) networking protocol, irrespective of whether the client or server has the update installed.
## Vulnerability Description
The September 2025 Windows security updates introduced a known issue causing client or server systems that have the update installed to fail when attempting to connect to SMBv1 shares over the NetBIOS over TCP/IP (NetBT) protocol. This is a functional regression, not explicitly detailed as a security flaw in the summary, though SMBv1 itself is highly insecure.
## Exploitation
- Status: Not applicable (This describes a regression/breakage caused by an update, not a security exploit).
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Minimal (Affects connectivity)
- Integrity: Minimal (Affects connectivity)
- Availability: High for users relying on legacy SMBv1 over NetBT connectivity.
## Remediation
### Patches
- Specific patch KBs are not listed, but Microsoft is "working to resolve this issue" via future updates.
### Workarounds
- Allow traffic on **TCP port 445**. This forces the Windows SMB connection to successfully resume by using TCP directly instead of relying on NetBT.
## Detection
- Indicators of Compromise: Connection failures when accessing legacy SMBv1 shares using NetBIOS names or NetBT routes.
- Detection methods and tools: Monitoring network connectivity failures related to SMBv1 access post-September 2025 updates.
## References
- Vendor Advisories: Microsoft service alert [hxxps://admin.cloud.microsoft/Adminportal/Home?source=applauncher#/windowsreleasehealth/:/issue/WI1152304]
- Relevant links: [hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-september-updates-break-smbv1-shares/]