Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares.
The list of platforms affected by this known issue is quite extensive, as it includes both client (Windows 11 24H2/23H2/22H2 and Windows 10 22H2/21H2) and server (Windows Server 2025 and Windows Server 2022) platforms.
In a service alert seen by BleepingComputer, Microsoft said this known issue affects those connecting to SMBv1 shares over the NetBIOS over TCP/IP (NetBT) networking protocol.
“After installing the September 2025 Windows security update (the Originating KBs listed above) or later updates, you might fail to connect to shared files and folders using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP (NetBT),” the company said.
“This issue can occur if either the SMB client or the SMB server has the September 2025 security update installed.”
Microsoft is now working to resolve this issue, and until a fix is available, it has provided impacted customers with a temporary workaround.
This requires them to allow traffic on TCP port 445, which will cause the Windows SMB connection to resume successfully by switching to using TCP instead of NetBT.
The SMBv1 networking protocol was superseded by SMBv2 and later protocols in 2007 and deprecated in 2014. SMBv1 is no longer installed by default since the release of Windows 10 version 1709 and Windows Server version 1709.
Microsoft began disabling the 30-year-old SMBv1 file-sharing protocol by default for Windows 11 Home Insiders in April 2022. The first plans to remove SMBv1 from most Windows versions were announced in June 2017, after initially disabling it in internal builds of Windows Server 2016 and Windows 10 Enterprise.
Microsoft has been warning admins to remove support for SMBv1 on their network for years, as it lacks the security improvements added to newer versions of the protocol, including pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, insecure guest authentication blocking, protection against security downgrade attacks, and more.
These warnings followed the 2017 leak of multiple NSA exploits designed to exploit weaknesses in the SMBv1 protocol, which allowed commands to be executed on vulnerable servers with admin privileges.
Some of these exploits, such as EternalBlue and EternalRomance, were later deployed in the wild by WannaCry, NotPetya, TrickBot, Emotet, Olympic Destroyer, and Retefe malware in destructive attacks or for credential theft.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.