Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host’s configuration. On Windows, this is found in the policy setting ‘Microsoft network server: Digitally sign communications (always)’. On Samba, the setting is called ‘server signing’. See the ‘see also’ links for further details.
Fix for Windows
Configure the Group Policy ‘Microsoft network server: Digitally sign communications (always)’ to ‘Enabled’
Or run the following command to change the registy key:
REG ADD "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters" /f /v "requiresecuritysignature" /t REG_DWORD /d 0x1
Or via Powershell
set-SmbServerConfiguration -RequireSecuritySignature $TRUE -force
You can verify the setting via Powershell:
Get-SmbServerConfiguration | select RequireSecuritySignature