Submission + - Badlock Vulnerability Falls Flat Against Hype (threatpost.com)
msm1267 writes: Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud.
Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.
As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.
SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business.
For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated “Important” for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.
Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.
As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.
SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business.
For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated “Important” for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.
