For consumer or highly isolated, managed computers that do not require SMB at all, you can disable the Server or Workstation services. You can do this manually by using the “Services” snap-in (Services.msc) and the PowerShell Set-Service cmdlet, or by using Group Policy Preferences.

Customers must either configure SMB Server to require SMB Server signing or enable SMB Server EPA to harden their systems against this class of attack.

Resolution To reduce the risk of this issue, we recommend that you configure environments that run Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003 to allow the use of NTLMv2 only. To do this, manually set the LAN Manager Authentication Level to 3 or higher as described here.

General information about new networking features in Windows Server 2008 and Windows Vista For more information about how to enable/disable SMB protocol, click the following article number to view the article in the Microsoft Knowledge Base:

Under Human Interface Devices, right-click on HID-compliant touch screen and select either Enable device or Disable device depending on which action is desired.

If you would like to remove the entry point to Xbox mode in your task bar, you can always disable it by going to Windows Settings > Gaming > Xbox mode > Show Xbox mode in task view.

Resolves a vulnerability in Windows that could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

Find out how to manage your Xbox subscriptions to request a refund or cancel a recurring payment.

Resolves a vulnerability in Windows that could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server.

These subkeys will not be created in the registry since these protocols are disabled by default. Create the necessary subkeys for TLS 1.1 and 1.2; create the DisabledByDefault DWORD values and set it to 0 in the following locations: