
Friday, April 15, 2016

Does "Badlock" Present a Legitimate Threat to Windows and Samba Users?

The Security Account Manager Remote (SAMR) and Local Security Authority (Domain Policy) (LSAD) protocols do not properly establish Remote Procedure Call (RPC) channels, which may allow any attacker to impersonate an authenticated user, gain access to the SAM database, or launch denial-of-service attacks. This vulnerability is also known publicly as "Badlock".

The SAMR and LSAD remote protocols are used by Windows and Samba (for UNIX-like platforms) to authenticate users to a Windows domain. A flaw in the way these protocols establish RPC channels may allow an attacker to impersonate an authenticated user or gain access to the SAM database. CVE-2016-2118 identifies this vulnerability in Samba, while CVE-2016-0128 identifies this vulnerability in Windows.

The Badlock name launched a guessing campaign in the security community about what the flaw might be. Many assumed the name was a hint about the bug's nature. The name, SerNet said today in a blog post, “was meant to be a rather generic name and does not point to any specifics.”

So, is "Badlock" more hype than a bona fide threat? In this era of cyber terrorism no threat should be taken lightly, yet with limited InfoSec resources many organizations cannot address every 'possible' threat the same way.

Share your thoughts with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/

