Last Updated: 2016-04-12 17:20:11 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft and the SAMBA team jointly released a fix for CVE-2016-2118 , a vulnerability also known as BadLock". While a man in the middle and DoS vulnerability may not quite be the type of vulnerability everybody was waiting for, it should still be taken seriously and patched.
You are of course the most at risk if you are allowing SMB traffic over un-trusted networks, which has always been a bad idea. Exploitation of a man-in-the-middle vulnerability does require that the attacker is able to intercept traffic. The use of a VPN would prevent exploitation.
What to tell your Boss/Spouse/Parent
Due to the hype associated with this vulnerability, you will likely get a lot of questions about it. Overall, nothing fundamentally changed:
- Patch as you get to it, but no reason to rush this one
- Do not use SMB over networks you don't trust
- Firewall SMB inbound and outbound
- If you need to connect to remote file shares, do so over a VPN.