My next class:

BadLock Vulnerability (CVE-2016-2118)

Published: 2016-04-12. Last Updated: 2016-04-12 17:20:11 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Today, Microsoft and the SAMBA team jointly released a fix for CVE-2016-2118 , a vulnerability also known as BadLock".  While a man in the middle and DoS vulnerability may not quite be the type of vulnerability everybody was waiting for, it should still be taken seriously and patched.

You are of course the most at risk if you are allowing SMB traffic over un-trusted networks, which has always been a bad idea. Exploitation of a man-in-the-middle vulnerability does require that the attacker is able to intercept traffic. The use of a VPN would prevent exploitation.

What to tell your Boss/Spouse/Parent

Due to the hype associated with this vulnerability, you will likely get a lot of questions about it. Overall, nothing fundamentally changed:

  • Patch as you get to it, but no reason to rush this one
  • Do not use SMB over networks you don't trust
  • Firewall SMB inbound and outbound
  • If you need to connect to remote file shares, do so over a VPN.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
1 comment(s)
My next class:

Comments

I just listened to the webinar and Johann made reference to KB3148597 containing the patch. When I checked my reference machine after installing the WSUS morning delivery I did not find that KB but I did find KB3149090, which is the correct update that patches the vulnerability. I don't know what the difference in KB article numbers is about but thought I would share here for anyone that may get confused. If the machine has update KB3149090 it is patched and protected against BADLOCK as of today.

Diary Archives