Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Advertising Businesses Cloud Network Open Source Operating Systems Privacy Security Unix Windows News Build Linux

Badlock Vulnerability Falls Flat Against Hype (threatpost.com) 21

msm1267 quotes a report from Threatpost: Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients. As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it's a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services. SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business. For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated 'Important' for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.
This discussion has been archived. No new comments can be posted.

Badlock Vulnerability Falls Flat Against Hype

Comments Filter:
  • Was the "lack of hype" because if you're talking Microsoft protocols to any particular machine it's already "game over" because you're probably already behind all their defenses?
    • Unless I'm misunderstanding something here, the "thud" mean "who would open a SMB service to the internet anyway?" That's why some security people were confused why they were making such a big deal over a SMB vulnerability. Needs to be fixed, yes, but not a huge deal, since that's typically a service only exposed to your own intranet.

  • by darthcamaro ( 735685 ) on Tuesday April 12, 2016 @04:06PM (#51895033)
    I don't know much about Windows and there there are 12 other advisories more impactful that Badlock this month - but Red Hat is and has taken the Linux related vulnerabilities *very* seriously [eweek.com] - which is a good thing, it means no shellshocked/heartbleed repeat, patches on time and no real risk.

    "Working closely with the community over many months, Red Hat engineers have been heavily involved in the process of analyzing and developing Samba patches for Badlock-associated issues," Josh Bressers, security strategist at Red Hat sad.

  • by The-Ixian ( 168184 ) on Tuesday April 12, 2016 @04:06PM (#51895039)

    I was anticipating the worst and so it's good that we can just continue with our normal patch cycle.

    Shame on SerNet for causing undue stress in Windows admins everywhere... jerks

  • Fantastic article from Alexander Bokovoy on
    how this thing was found and fixed !

    http://rhelblog.redhat.com/201... [redhat.com]

If you have a procedure with 10 parameters, you probably missed some.

Working...