Badlock patch released today
'Critical bug' in Windows and Samba finally gets fixed
A patch to remediate the Badlock vulnerability is to be released today at 5PM UTC.
According to Badlock.org, patches will be available for Samba 4.4, Samba 4.3 and Samba 4.2. Version 4.1 of Samba has now been discontinued.
"Please be aware that Samba 4.1 and below are out of support, even for security fixes. We strongly advise users to upgrade to a supported release, so that you will not have to make a major version update at the time you need to get the security fix installed," a statement on the website said.
Badlock will also be assigned a CVE following the release of the patches.
Paul Farrington, senior solution architect at Veracode, said that after arguments around the naming of Badlock, he hoped at least that IT administrators across the country are aware of this new vulnerability and are ready to apply this essential patch to computers operating on Windows and Samba.
"The software and application layer continues to pose a significant threat to corporate information. Indeed, in 2014 alone there were eight major breaches through the application layer, resulting in more than 450 million personal or financial records stolen. And we aren't talking about small breaches at companies no one has heard of. Target, JPMorgan Chase, Community Health, and TalkTalk are four examples of companies that have suffered breaches due to vulnerabilities in software," he said.
29/03/2016: IT admin? Brace yourself for Badlock
An alleged critical bug has been discovered in Windows and interoperability suite Samba that could cause headaches for IT admins in mid-April.
The flaw has already been christened Badlock and given its own Heartbleed-like logo, while people have created a website for it and announced a patch release date - 12 April 2016.
But that is about all it has.
So far there's no information as to what kind of bug it is, where it resides, what it does - even what time of day the patch will be released, despite the site's creators claiming the reason for all the hype is to "give a heads up and to get [admins] ready to patch all systems as fast as possible".
But experts have speculated that it is a vulnerability in the Windows Server Message Block, owing to the facts that the site advises "admins and all of you responsible for Windows or Samba server infrastructure" to be ready for the 12 April patch and that Samba is a Server Message Block (SMB) implementation.
The bug was found by Stefan Metzmacher, a member of the international Samba Core Team and employee of systems integrator and Samba services provider, SerNet.
The versions of Samba that will receive the Badlock patch are listed (4.4, 4.3, 4.2) on the site, but there's no detail on which Windows Server versions are vulnerable.
However, Microsoft is not issuing an out-of-band patch for this - the next Patch Tuesday was always going to be on 12 April. Does that mean there is no reason to be worried? No. But there is probably no reason to panic frantically either.