The Hacker News Logo
Subscribe to Newsletter

Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows

badlock
Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday.

So, Save the Date if you are a Windows or Samba file server administrator.

Samba is a free, open source implementation of the SMB/CIFS network file sharing protocol that runs on the majority of operating systems available today, including Windows, UNIX, Linux, IBM System 390, and OpenVMS.

Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to communicate with the same networking protocol as the Windows products, thus enabling users to access network shared folders and files from Windows OS.

Dubbed Badlock, the vulnerability has been discovered by Stefan Metzmacher, a developer of Samba Core Team.

Details about the Badlock vulnerability will be disclosed on April 12, when the developers of Microsoft and Samba release security patches to fix the flaw.

With a proper name, website and even logo, Badlock seems to be another marketed vulnerability that will likely be exploited by hackers once its details become public.

Here's what Badlock.org website reads:

On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock. Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.

Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.) Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.

Although this sort of pre-notification is appreciated, especially for system administrators to help them apply the patch as soon as possible, the security blunder could also benefit the bad guys.

Security experts also believe that the available information might be enough for malicious hackers to independently find Badlock and exploit the vulnerability before a patch is released.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.