Blog
Badlock Bug Poses Serious Security Risks
April 12, 2016 marks the day that the Badlock bug is slated to be released within the Windows and Samba infrastructures. While businesses should be aware of this event, it is expected that this day will also mark the time period when a patch also will be released. Both the Samba and Windows teams have been working together diligently to devise a patch for the potentially devastating Badlock bug. It’s vital that you are aware of this information if you are a business that uses either the Samba or Windows infrastructure since you’ll need the patch to prevent its exploitation.
The Details
Brace yourselves ‒ patches guarding against the Badlock bug are scheduled to be released at 17:00 UTC. This time is significant because it also marks the time of Microsoft Patch Tuesday. Only the latest Samba versions are going to be supported by this patch. These supported versions include Samba 4.2, 4.3 and 4.4. Support for Samba 4.1 is no longer offered with owners of that version strongly encouraged to upgrade to the latest Samba release of 4.4, which came online on March 22. Upgrading before using the patch saves time, because the system will already be primed and receptive before the bug’s release. It is important to note if you don’t upgrade to a more recent version of Samba, or you are unable to do so in time for the release of the patch, some vendors may provide back support for Samba 4.1 and the patch. This is not to say, though, that your systems will have a smooth and flawless transition.
How to Protect Your Samba System
When the patch for Badlock bug is released, a CVE will also be assigned at the same time. It is crucial to the stability and viability of any Samba infrastructure your business uses, however, that you are ready to patch those systems as quickly as possible. You should also have applicable sysadmin resources standing by in the event that the unthinkable happens. The Samba team expects exploits that pinpoint possible routes of attacks, and their vectors will begin unabated once the Badlock bug patch is released.
Why Badlock?
In this information-saturated world, it can be difficult to gain the attention of those important players in the IT game. Giving bugs a snappy and memorable name ‒ as well as a logo ‒ helps focus attention on a potentially devastating problem. Awareness and brevity are the primary reasons for giving bugs this treatment.