A critical vulnerability has been found in Samba which affects all Windows platforms, termed as badlock. It will be patched on April 12, 2016.

credit : badlock.org

credit : badlock.org

Samba is an open source implementation of the SMB/CIFS network protocol, which runs on non-windows operating systems like Unix, IBM System 390, Linux, OpenVMS and other operating systems and allows them to interact with Microsoft Windows to access files and printer over a network.

Badlock vulnerability has been discovered by Stefan Metzmacher, a member of the international Samba Core Team and works at SerNet on Samba. He reported the bug to Microsoft and has been working with them to bring out the patch to badlock flaw.

From badlock.org:

On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock.

Engineers at Microsoft and the Samba Team are working together to  get this problem fixed. Patches will be released on April 12th.

Admins and everyone responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.)

Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.

However some of the deleted tweets from the person registered badlock.org domain, Johannes Loxen reveal two things :

 

  • The reason behind disclosing the vulnerability is “SerNet gets marketing” as a side effect.
    badlock_marketing

 

  • Another tweet is giving us clue on the impact of exploitation, which is “admin accounts for everyone on the same LAN”.
    badlock_admin_lan

More information about this vulnerability is going to be disclosed on Microsoft Patch Tuesday (i.e. 12th, April, 2016) by Samba Team and Microsoft.

SecPod Saner

A free vulnerability mitigation software. Build strong defense.

Kumarswamy S

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>