1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft, Samba Badlock flaw not critical, but serious enough

Discussion in 'Network World' started by RSS, Apr 13, 2016.

  1. RSS

    RSS New Member Member

    Microsoft and the Samba project fixed a vulnerability in their implementation of the SMB/CIFS protocol after the flaw was initially announced three weeks ago under the name Badlock.

    The vulnerability, covered by Microsoft in its MS16-047 security bulletin published Tuesday, was also fixed in Samba 4.4.2, 4.3.8 and 4.2.11. It could allow a man-in-the-middle attacker to impersonate an authenticated user and execute arbitrary network calls to the server, possibly with administrative privileges.

    Badlock's existence was announced on March 22 by a company called SerNet, which offers Samba consulting, support and development services. It employs the person who found the flaw: a Samba development team member named Stefan Metzmacher.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page