Badlock/Bad Luck – What MSPs Can Do Before April 12th Patches

On April 6th, 2016, posted in: General by

BadLock

April 12th. Memorize that date.

In case you haven’t heard, a security vulnerability called Badlock was recently discovered in Windows and Samba. While the nature of the bug has not yet been revealed, patches along with details of the flaw will be released next week on April 12th. Ever since news of the vulnerability broke in March, hackers have been salivating at the mouth, ready to pounce. Indeed, some may have already discovered the bug. Since attackers will be eagerly awaiting the disclosure, once patches are released next week, Windows and Samba users must immediately patch their systems to prevent exploitation.

 

Badlock Bug Background (Details TBD)

“Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.”

 

This warning comes straight from the official Badlock website and speaks to the growing anticipation within the cybercrime community. Although we don’t know where the Badlock bug lives, InfoWorld is attempting to connect dots by sharing hints given by SerNet, the Samba consulting company responsible for the Badlock website. Since Badlock implicates Windows and Samba users, it is likely that it “has something to do with the SMB protocol, used to read and write files over the local network, or Common Internet File System (CIFS), the SMB implementation used in Windows.” As a result, it may be reasonable to expect that any software using SMB will be impacted. Johannes Loxen, SerNet’s CEO, even spread speculation that with Badlock, attackers could obtain administrative access to local networks because the vulnerability would mean “admin accounts for everyone on the same LAN.” Again, nothing is certain, but even contemplating the implications of such an uncertainty should light a fire underneath you. Managing Badlock has to be priority one.

 

How You Can Prepare for April 12th

“Thinking will not overcome fear but action will.” ~W. Clement Stone~

 

You may be thinking that you don’t have to worry about Badlock until April 12th since you don’t know what it is you’re dealing with. Ever since Stefan Metzmacher, a member of the international Samba Core Team, discovered and reported the bug, there’s been a lot of hype around Badlock and what it means for users. Some even question the point of announcing the presence of a vulnerability weeks before MSPs and IT service providers can correct it. Still, all should take advantage of this 20-day advanced notice. As far as which patches will be available, the Badlock website lists Samba 4.4, Samba 4.3 and Samba 4.2. It is also important to note that all Windows machines are expected to be impacted.

 

If you’re a TotalCare Client…

In response, we will bypass our standard patch testing procedure and will whitelist this patch immediately upon its release so that it is available to you, our TotalCare Managed Services clients. To complete the patch installation, OC Tech will complete the following:

 

1. Ensure and/or update your patching policy to take place on Tuesday, April 12, 2016.

or

2. Be prepared to manually patch your Windows machines on April 12, 2016 as soon as the patch is whitelisted by our NOC.

 

We will continue to provide more specific information as it is made available, but wanted to make sure you know that we are preparing accordingly. For more information on Badlock, visit http://badlock.org/.

 

Comments are closed.