Tag Archives: Samba

Badlock: What You Need to Know

Yesterday as scheduled the Samba project and Microsoft made available their security updates to resolve the issue that was previously announced and named “Badlock.”

Why Should These Issues Be Considered Important?
While this issue is important (it affects a lot of Windows version from Server 2008/Vista up to and including Windows Server 2016/Windows 10), it’s severity was exaggerated in it’s announcement last month. Microsoft have assigned it an important severity rather than critical. They have done so since it is an elevation of privilege (EoP) (defined) issue that would allow an attacker to increase their privileges (which would allow them to cause even more harm) once they have already exploited another vulnerability to become present on your device in the first instance.

This vulnerability could allow an attacker to listen/analyse the traffic on your network; this technique is known as a man-in-the-middle-attack (MITM, defined). If your login credentials happened to be within the traffic the attacker gathers and analyzes there is a possibility they could obtain the unencrypted username and password used to access your device/account upon that device (even though your sensitive information is encrypted). Further discussion of this issue is available here.

How Can I Protect Myself from These Issues?
Updates from the Samba project and Microsoft are available to resolve this security issue. Please download and install them as soon as possible if you are affected by this issue.

=======================
Update: 13th April 2016:
Further information and advice for mitigating the Badlock issue is provided by US CERT in this vulnerability note. The Samba project also discusses its updated software releases in this release news post.
=======================

While there are no known issues with these updates at this time, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Pre-Announcement of Samba (SMB/CIFS) Security Update

=======================
Update: 13th April 2016:

Further details as well as updates to resolve the Badlock issue are discussed in a more recent blog post.

Thank you.

=======================
Original Post:
=======================
Earlier this week an announcement was made by SerNet (a Samba consulting company who set up the Badlock website) that a critical security update would be made available on the 12th of April to address a vulnerability in the SMB/CIFs protocol (defined below) that is the basis of the open source Samba project. The 12th of April is the well-known second Tuesday of the month known as Update Tuesday (or Patch Tuesday) when Adobe, Microsoft and others commonly make available security updates on a scheduled basis.

Some advice that you can follow to better prepare for this update being made available is described in this SANS blog post as well as this very informative and practical InfoWorld article. Further background on this announcement can be found here.

I will publish another blog post on or very soon after the 12th of April to provide the appropriate information for you to address this vulnerability in a timely manner.

Thank you.

=====================
Aside:
=====================
What is the SMB/CIFS protocol?
The Server Message Block (SMB) protocol is also referred to as the Common Internet File System (CIFS) is an application layer (layer 7 of the OSI model) protocol that allows the sharing of printers but mainly provides file access/transfer in a Microsoft network using mapped network drives. Further features of SMB/CIFS are detailed in this Sophos blog post.

Samba is an open source (the source code (human readable code) is free to view and edit by the wider IT community) application that provides the above mentioned network services across Linux/Unix and Microsoft servers/clients.