‘Badlock’ Bug: Everything You Need to Know

Posted Date: April 14, 2016
2 min read

SerNet, a German company, launched http://badlock.org/ and warned in late March that security updates for this critical vulnerability would be rolled out on April 12. Badlock, they said, was a serious vulnerability that would soon be exploited.

So, what is it all about and what should you do?

What is the Badlock Bug?

Badlock is referenced for Microsoft Windows by CVE-2016-0128 / MS16-047 (Windows SAM and LSAD Downgrade Vulnerability) and for Samba by CVE-2016-2118 (SAMR and LSA man-in-the-middle attacks possible).

It is an elevation of privilege vulnerability. A man-in-the-middle attacker who can intercept communications between a client and a server hosting a SAM database can force the authentication level to downgrade, which allows the attacker to impersonate an authenticated user and access the SAM database. Badlock.org also states that it facilitates Denial-of-Service (DoS) attacks against Samba services.

How vulnerable are you?

The Badlock vulnerability has been categorized as ‘Medium’ by the National Vulnerability Database, which means that it is important but not as severe as the hype suggested. It can help with man-in-the-middle attacks. However, exploitation is difficult: the attacker must already hold a position of advantage to cause serious harm. Additionally, there are other historical Windows weaknesses, like MS08-067, that offer straightforward remote code execution (RCE), unlike Badlock.

What do Microsoft and Samba say?

Microsoft releases security patches on Tuesdays, and this time it rolled out the Security Update for SAM and LSAD Remote Protocols along with fixes for other issues. The update has been rated ‘Important’.

Meanwhile, Samba has a more detailed summary of the issue.

What should you do now?

As communicated to Indusface customers, Indusface Web Application Scanning will detect and report the Badlock vulnerability. Indusface Web Application Firewall protects your front-end web applications and is not vulnerable to Badlock.

You should also apply the security patch immediately. As we always say, security patches are not to be missed, no matter what the criticality of the vulnerability is.

For Microsoft Windows: Please visit https://technet.microsoft.com/en-us/security/bulletin/dn602597.aspx for the security updates rolled out this week. These include a patch for Badlock under the title Security Update for SAM and LSAD Remote Protocols.

For Samba: Samba has already patched the following versions:

  • 4.2.10 / 4.2.11
  • 4.3.7 / 4.3.8
  • 4.4.1 / 4.4.2
  • 4.0.26
  • 3.6.25

Look for them at https://www.samba.org/samba/history/security.html
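To check an installed Samba against the list above, the following added example (not Indusface or Samba code) classifies a version banner such as the output of `smbd --version`. It assumes the lower version in each pair is the first fixed release of its branch and that branches newer than 4.4 already carry the fix; the function names and sample banners are constructed for illustration.

```python
import re

# First fixed release per branch, taken from the list above. Assumption: the
# lower version of each "x / y" pair is the first release carrying the fix.
FIXED = {
    (3, 6): (3, 6, 25),
    (4, 0): (4, 0, 26),
    (4, 2): (4, 2, 10),
    (4, 3): (4, 3, 7),
    (4, 4): (4, 4, 1),
}

def parse_version(banner):
    """Extract (major, minor, patch) from text such as `smbd --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no Samba version found in {banner!r}")
    return tuple(int(x) for x in m.groups())

def badlock_status(banner):
    """Return 'patched', 'vulnerable' or 'unlisted' for a version banner."""
    version = parse_version(banner)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not in the list. Branches newer than every listed one are
        # assumed to inherit the fix; anything else needs a manual check.
        return "patched" if version[:2] > max(FIXED) else "unlisted"
    return "patched" if version >= fixed else "vulnerable"

if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ["Version 4.3.6", "Version 4.4.2", "Version 4.1.23",
                   "Version 3.6.25", "Version 4.2.9-Debian"]:
        print(f"{banner:24} {badlock_status(banner)}")
```

Distribution packages often backport security fixes without changing the upstream version number, so confirm a "vulnerable" or "unlisted" result against your distributor's advisory before acting on it.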

Note: Even if you think that you do not offer CIFS/SMB, there are always unintentional ways of being exposed to the vulnerability.

Indusface Total Application Security

Hundreds of vulnerabilities are uncovered every week, and it is difficult to keep track of all of them, especially when your business priorities are more critical. Indusface Total Application Security acts as your extended security arm, keeping track of these vulnerabilities and breaking them down by criticality for you.

Whenever there is a new threat, we assess it and notify our customers with security experts’ advice on how they should ensure the safety of their applications and business from hackers.

You can start with the AppTrana Free Forever Website Security Scan to find out how it works.


Venkatesh Sundar

Venky is an Application Security technologist who, as Founding CTO, built the new-age web application scanner and cloud WAF, AppTrana, at Indusface. Currently, he spends his time driving product roadmap, customer success, growth, and technology adoption for US businesses.
