Microsoft's Patch Tuesday deals with Badlock Bug

Industry experts weigh in on what they think of this Patch Tuesday

Microsoft has moved to fix 13 problems affecting its products, including a patch for the infamous Badlock bug that has been plaguing Samba.

The update addresses a number of issues, six of which are classified as critical.

As noted in Microsoft's bulletins, 31 specific vulnerabilities were dealt with in today's patch, all of which were problems that could have resulted in remote code execution, elevation of privilege, denial of service or a security feature bypass in the absence of the patch.

Eight of the flaws are associated with Badlock, but experts are mostly in agreement that things are not as bad as initially thought.

The vulnerability (MS16-047 / CVE-2016-0128) enables a man-in-the-middle (MITM) attack on specific RPC traffic. A suitably positioned attacker can listen in on RPC traffic and force a session to downgrade its authentication level.

"This allows a basic hijack of the session and a privilege escalation that could allow an attacker full access to administrative tasks and the user database (SAM) on the remote server," said Trustwave's threat intelligence manager Karl Sigler.

"This is certainly a concern and admins should patch their systems as early as possible. However, I can't say that this vulnerability rises to any level that deserves the focus that a dedicated website and three weeks of buildup have given Badlock."

MS16-037 is a cumulative security update for Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user, according to Sigler.

There was also a cumulative update for the Edge browser. MS16-038 could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

There were also updates for the Microsoft Graphics Component (MS16-039) that affected editions of Microsoft Office 2007 and Microsoft Office 2010. There was also an update for Microsoft XML Core Service, rated critical, on all supported releases of Microsoft Windows.

Other updates covered the .NET Framework, Office, Windows OLE, Hyper-V and a host of other security issues.
