Server Message Block Protocol Vulnerability

VUIT Security Notice: Vulnerability found in Server Message Block (SMB) Protocol, patch immediately

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use Windows or Samba.

A critical security bug, called Badlock, will be announced on April 12 and will affect almost all versions of Microsoft Windows and Samba.

The bug is likely a flaw in the Server Message Block (SMB) protocol, which Windows and open-source Samba both implement to share files between computers over a network. Samba is typically used on Linux, BSD, OS X and other Unix-flavored systems to interact with Microsoft-powered machines.

Updates or hot fixes should be applied immediately. All system administration resources should be prepared to be available on April 12, the day of the release.

Patches will be available for Samba 4.4, Samba 4.3 and Samba 4.2 on April 12 around 11 a.m. With the release of Samba 4.4.0 on March 22, the 4.1 release branch has been marked “discontinued.” Those using 4.1 or earlier should update to 4.2 or later immediately.

Windows patches are expected to be released on April 12 around 11 a.m.

Immediately following the disclosure of the Badlock security bug, VUIT Security Operations will begin blocking SMB traffic on ports 137 through 139 and 445 (TCP and UDP) at the university’s perimeter firewall. SMB traffic is already blocked at the perimeter for the Medical Center. Admins who require an exception for a service using SMB through the perimeter (incoming/outgoing) will need to submit a firewall rule request form through Pegasus at https://pegasus.vumc.org/NewRequest.aspx?id=210.
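
A host-side triage for the two points above (the Samba 4.2 branch cutoff and the SMB ports being blocked), as an added example that is not part of the original notice. The function names and the sample `ss` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage helpers for the Samba branch and SMB port guidance.

# samba_branch_status VERSION
# Accepts "4.3.6" or raw `smbd --version` output ("Version 4.3.6").
# Prints "supported" for 4.2 and later, "discontinued" for 4.1 and
# earlier, "unknown" when the string cannot be parsed.
samba_branch_status() {
    ver=${1#Version }
    case "$ver" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}        # drop suffixes such as "rc1"
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 2 ]; }; then
        echo supported
    else
        echo discontinued
    fi
}

# smb_listeners: reads `ss -lntu` output on stdin and prints one
# "proto/port" line per listener on 137, 138, 139 or 445.
smb_listeners() {
    awk '{
        n = split($5, a, ":"); port = a[n]     # last ":" field, so [::]:445 works
        if (port ~ /^(137|138|139|445)$/) print $1 "/" port
    }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -lntu` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:138        0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50     [::]:139           [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

echo "Samba 4.1.23: $(samba_branch_status 4.1.23)"
echo "SMB listeners in sample:"
printf '%s\n' "$SAMPLE_SS" | smb_listeners
```

On a live host, feed the functions real data with `samba_branch_status "$(smbd --version)"` and `ss -lntu | smb_listeners`.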

VUIT will continue to monitor this vulnerability closely. The team is waiting for more information to become available and will communicate updates as soon as possible.

For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.

Sources and References:
http://badlock.org/
https://www.sernet.de/en/news/news-detail/detail/badlock-ankuendigung-eines-schwerwiegenden-bugs/
http://www.theregister.co.uk/2016/03/22/badlock_bug/