Badlock: What we know so far
It seems like every vulnerability these days is given a branded makeover (see POODLE and Heartbleed), and Badlock is no different. Before the technical details have even been disclosed, it already has its very own website and logo, but just what is Badlock? With the technical details scarce, Andrew Waite, Leading IT Security Consultant at Managed Services experts Onyx Group, takes a look at how concerned you should be, and the steps you can take today to help secure your systems.
What is Badlock?
As mentioned above, the technical details of Badlock are scarce because the vulnerability has only been pre-announced. However, it is believed to be a critical vulnerability affecting the SMB stack on Windows systems and Samba (an open source implementation of the SMB protocol).
Microsoft have already announced that a patch to rectify this vulnerability is due to be released on the 12th of April as part of their regular Patch Tuesday schedule, and we recommend that it is applied as soon as possible.
Should I be concerned?
Yes and no. There is no way of telling just how dangerous this vulnerability could be with the limited amount of information that is available. Thankfully, the flaw has been responsibly disclosed and, at the time of writing, no public exploit code is available, so although systems may be technically vulnerable, they shouldn’t be at risk of immediate exploitation.
However, with the vulnerability gathering some serious media coverage, we expect the ‘dark side’ of the security world to be eagerly awaiting the 12th of April so that they can begin reverse engineering the patch. That would reveal the nature of the vulnerability and give them the chance to exploit machines running unpatched software.
What can be done in the meantime?
Whilst waiting for the patch to be released, we recommend that you begin a preliminary investigation to see if your systems are running the affected versions of SMB / Samba. This way, when the patch is made available, you reduce the time it takes to deploy the fix and secure your systems.
We will continue to keep an eye on the situation and inform you of any developments, but in the meantime if you do have any concerns please get in touch with the security team on 0800 970 92 92 to speak to one of our expert consultants.