The "Badlock" vulnerability
The "Badlock" vulnerability
[Security] Posted Apr 12, 2016 19:17 UTC (Tue) by corbet
The details for the "Badlock" vulnerability in the SMB
DCE-RPC protocol have finally been disclosed, along with the
obligatory logo and domain name; there is no word on the availability of
hats and T-shirts yet. It is a man-in-the-middle attack that can allow an
attacker to access files in an SMB share, or gain access to Active Directory
administrative tools, with the permissions of the
intercepted user. "Please update your systems. We are pretty sure that there will be exploits soon.
Engineers at Microsoft and the Samba Team worked together during the past months to get this problem fixed.
"