Badlock patch released today

'Critical bug' in Windows and Samba finally gets fixed

A patch to remediate the Badlock vulnerability is to be released today at 5PM UTC.

According to, patches will be available for Samba 4.4, Samba 4.3 and Samba 4.2. Version 4.1 of Samba has now been discontinued.

"Please be aware that Samba 4.1 and below are out of support, even for security fixes. We strongly advise users to upgrade to a supported release, so that you will not have to make a major version update at the time you need to get the security fix installed," a statement on the website said.

Badlock will also be assigned a CVE following the release of the patches. 


Paul Farrington, senior solution architect at Veracode, said that after arguments around the naming of Badlock, he hoped at least that IT administrators across the country are aware of this new vulnerability and are ready to apply this essential patch to computers operating on Windows and Samba.

"The software and application layer continues to pose a significant threat to corporate information. Indeed, in 2014 alone there were eight major breaches through the application layer, resulting in more than 450 million personal or financial records stolen. And we aren't talking about small breaches at companies no one has heard of. Target, JPMorgan Chase, Community Health, and TalkTalk are four examples of companies that have suffered breaches due to vulnerabilities in software," he said.

29/03/2016: IT admin? Brace yourself for Badlock

An alleged critical bug has been discovered in Windows and interoperability suite Samba that could cause headaches for IT admins in mid-April.

The flaw has already been christened Badlock and given its own Heartbleed-like logo, while people have created a website for it and announced a patch release date - 12 April 2016.

But that is about all it has.


So far there's no information as to what kind of bug it is, where it resides, what it does - even what time of day the patch will be released, despite the site's creators claiming the reason for all the hype is to "give a heads up and to get [admins] ready to patch all systems as fast as possible".

But experts have speculated that it is a vulnerability in the Windows Server Message Block, owing to the facts that the site advises "admins and all of you responsible for Windows or Samba server infrastructure" to be ready for the 12 April patch and that Samba is a Server Message Block (SMB) implementation.

The bug was found by Stefan Metzmacher, a member of the international Samba Core Team and employee of systems integrator and Samba services provider, SerNet.

The versions of Samba that will receive the Badlock patch are listed (4.4, 4.3, 4.2) on the site, but there's no detail on which Windows Server versions are vulnerable.

However, Microsoft is not issuing an out-of-band patch for this - the next Patch Tuesday was always going to be on 12 April. Does that mean there is no reason to be worried? No. But there is probably no reason to panic frantically either.
