Not so bad lock…
A couple of quick words about the #badlock bug, because I don't think it deserves much more at this point.
The world didn't end, the sky didn't fall. The details were revealed and patches are out. So, you know, patch, maybe.
The summary, as given in the Samba advisory, is the following:
== Summary: A man in the middle can intercept any DCERPC
== traffic between a client and a server in order to
== impersonate the client and get the same privileges
== as the authenticated user account. This is
== most problematic against active directory
== domain controllers.
And here are the advisory pages:
Microsoft Security Bulletin MS16-047 (technet.microsoft.com), published April 12, 2016, version 1.0: "This security update resolves a vulnerability in Microsoft Windows. The…"
Samba Security Announcement (www.samba.org): "Subject: SAMR and LSA man in the middle attacks possible, CVE ID#: CVE-2016-2118 (a.k.a. BADLOCK)"
So basically, the attacker needs to be in a position to man-in-the-middle the traffic in your network in order to exploit this flaw: between a client and a server speaking DCERPC (the SAMR and LSA pipes to a domain controller being the worst case), so that the intercepted authentication can be reused to act as that user. While this is of course serious, getting yourself into a MitM position isn't completely trivial (assuming "standard enterprise network" practices are in place), and if an attacker has already got that far, they already have a foothold and persistence and you're probably going to have a really bad day anyhow. They don't need this bug to be dangerous at that point.
To put this in perspective: Microsoft didn't even bother to classify this as Critical. It's only classified as Important. As it probably should be.
It seems to me that the Samba developers might have trolled the entire InfoSec industry by hyping this up unnecessarily. Maybe this was just a show to prove how silly vulnerability branding has become. Well played, in that case.
The other possibility is much uglier: they did this to artificially create hype for their own consultancy company. If that is the case, then shame on you. Shame on you.
The bottom line is: This sort of waffling erodes trust. Next time the Samba project announces something important, I’m not so sure people will listen. Crying wolf does that to you.
And that’s a real shame. That’s all there really is to say about this debacle.
Go and patch your boxes. Microsoft released several other bulletins today, some of them Critical; SANS ISC has the summary here:
SANS Internet Storm Center (isc.sans.edu): a global cooperative cyber threat / internet security monitor and alert system.
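If you want a quick triage of which Samba boxes still need the update, here is a small Python helper. It is an example added here, not code from the original post or from the Samba project. It assumes the fixed releases named in the Samba advisory (4.4.2, 4.3.8 and 4.2.11), treats anything newer than the 4.4 branch as released after the fix, and treats branches older than 4.2 as end-of-life with no upstream fix. The `smbd --version` call is only used by `local_status()`; the version strings in the comments are constructed samples.

```python
# Added example: classify a Samba build against the CVE-2016-2118 (Badlock)
# fixed releases. Not from the original post or the Samba project.
import re
import subprocess

# Fixed releases per branch, as listed in the Samba advisory (assumption:
# these three are the only upstream fix releases).
FIXED = {
    (4, 4): (4, 4, 2),
    (4, 3): (4, 3, 8),
    (4, 2): (4, 2, 11),
}
OLDEST_FIXED_BRANCH = (4, 2)
NEWEST_FIXED_BRANCH = (4, 4)


def parse_samba_version(text):
    """Pull the first X.Y.Z triple out of text such as 'Version 4.2.10-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no X.Y.Z version found in %r" % text)
    return tuple(int(part) for part in m.groups())


def badlock_status(version_text):
    """Return 'fixed', 'vulnerable' or 'unsupported-branch' for a version string.

    Caveat: distribution packages (Debian, RHEL, SUSE ...) backport the fix
    without bumping the upstream version, so a 'vulnerable' verdict on a
    distro package means "check the package changelog for CVE-2016-2118",
    not "definitely unpatched".
    """
    version = parse_samba_version(version_text)
    branch = version[:2]
    if branch > NEWEST_FIXED_BRANCH:
        return "fixed"            # released after the fix landed
    if branch < OLDEST_FIXED_BRANCH:
        return "unsupported-branch"  # 4.1 and older (incl. 3.6.x): no upstream fix
    return "fixed" if version >= FIXED[branch] else "vulnerable"


def local_status():
    """Run 'smbd --version' on this host and classify the result."""
    out = subprocess.run(["smbd", "--version"], capture_output=True, text=True).stdout
    return badlock_status(out)


if __name__ == "__main__":
    # Constructed sample strings, in the shape 'smbd --version' prints them.
    for sample in ("Version 4.4.0", "Version 4.4.2", "Version 4.2.10-Debian",
                   "Version 4.1.17", "Version 4.5.0"):
        print(sample, "->", badlock_status(sample))
```

For a fleet you would feed it the output of `smbd --version` collected from each host (or your inventory's package versions), and follow up on every "vulnerable" hit by checking whether the vendor backported the fix under the old version number.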
Over and out.