Badlock is a recently-announced security bug in Windows and Samba. Though few details have been released, it is thought to affect Server Message Block (SMB), the protocol used to read and write files over a local network. Please note that machines running Linux and OS X may provide services through Samba. Staff that administer those systems should check the full release info tomorrow for more details.
Patches will be released tomorrow by 17:00 UTC. Microsoft typically releases patches at this time, on “Patch Tuesdays”, so Microsoft’s patches will likely be available. For typical desktop/laptop users, just make sure that you allow the patch to be applied as normal, and allow the machine to reboot.
For admins running systems that use Samba for SMB shares, patches will be available for Samba 4.4, Samba 4.3, and Samba 4.2. It is recommended that Samba users upgrade to version 4.4.0. Samba 4.1 and below are discontinued, and are not eligible for security fixes. However, some vendors may backport patches.
For more information, please see:
- http://badlock.org/
- https://www.riskbasedsecurity.com/2016/03/bad-luck-over-the-upcoming-badlock-vulnerability/
- http://www.infoworld.com/article/3048452/security/the-badlock-bug-start-your-patch-prep-today.html
- http://www.eweek.com/security/badlock-bug-looms-large-as-april-deadline-nears.html
- http://www.wired.com/2016/03/hype-around-mysterious-badlock-bug-raises-criticism/