A critical vulnerability found in Samba which affects all Windows platforms, termed as badlock. It will be patched on April 12, 2016. This is called samba badlock vulnerability. A vulnerability management tool can mitigate this vulnerability.
Samba is an open source implementation of the SMB/CIFS network protocol, which runs on non-windows operating systems like Unix, IBM System 390, Linux, OpenVMS and other operating systems and allows them to interact with Microsoft Windows to access files and printer over a network. Also, a auto patching solution can patch this vulnerability.
Samba Badlock vulnerability discovered by Stefan Metzmacher, a member of the international Samba Core Team and works at SerNet on Samba. However, he reported the bug to Microsoft and has been working with them to bring out the patch to badlock flaw.
From badlock.org:
On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock.
Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.
Admins and everyone responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.)
Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.
However some of the deleted tweets from the person registered badlock.org domain, Johannes Loxen reveal two things :
- The reason behind disclosing the vulnerability is “SerNet gets marketing” as a side effect.
- Another tweet is giving us clue on the impact of exploitation, which is “admin accounts for everyone on the same LAN”.
More information about this vulnerability going disclosed on Microsoft Patch Tuesday (i.e. 12th, April, 2016) by Samba Team and Microsoft.
A free vulnerability mitigation software. Build strong defense.
Kumarswamy S