March 26, 2016




Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday.


So, Save the Date if you are a Windows or Samba file server administrator.


Developers from Microsoft and Samba are working on a security patch to fix a severe vulnerability that affects almost every version of Windows and Samba.


Samba, which is present in nearly all Linux distributions, is a free software which implements the SMB/CIFS networking protocol to provide file and print services. Samba is also installed as a component of *BSD and OS X systems, it can integrate with Windows Active Directory and can act as a domain controller or as a domain member, Samba it popular because it allows a stable integration between Linux systems and Active Directory.


In 2015, Another Samba critical flaw was patched, it was a remote code execution vulnerability (CVE-2015-0240) that received a CVSS score of 10.


The flaw dubbed Badlock has been discovered by Stefan Metzmacher from SerNet firm which is also a member of the Samba Core Team. Badlock is a critical vulnerability that Microsoft and Samba developers plan to fix in the next Patch Tuesday, on April 12, 2016.


The researchers are sure that the Badlock flaw will be exploited once they will publicly disclose its details.


“Badlock was discovered by Stefan Metzmacher. He’s a member of the international Samba Core Team and works at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem.” is reported on the website.
The experts at SerNet have developed a website that will include all the information related to the Samba issue.


Details about the Badlock vulnerability will be disclosed on April 12, when the developers of Microsoft and Samba release security patches to fix the flaw.


With a proper name, website and even logo, Badlock seems to be another marketed vulnerability that will likely be exploited by hackers once its details become public.


Here’s what website reads:

On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock. Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.


Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It’s April 12th, 2016.) Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.


Although this sort of pre-notification is appreciated, especially for system administrators to help them apply the patch as soon as possible, the security blunder could also benefit the bad guys.


Security experts also believe that the available information might be enough for malicious hackers to independently find Badlock and exploit the vulnerability before a patch is released.