Microsoft announcing their April patches, including patch for Badlock

Monday April the 11th was a busy day for the cybersecurity community, with Microsoft announcing their April patches as well as the patch for Badlock.

Tod Beardsley, Rapid7  Security Researcher Manager, commented on this and specifically their patch for Badlock. He commented:

“While I do recommend you roll out the patches as soon as possible – as I generally
do for everything – I don’t think Badlock is the ‘Bug To End All Bugs’. In reality,
an attacker has to already be in a position to do harm in order to use this, and if
they are, there are probably other, worse (or better, depending on your point of
view) attacks they may leverage. Badlock, describes a Man­-in­-the-­Middle (MitM)
vulnerability affecting both Samba’s implementation of SMB/CIFS (as CVE­2016­2118)
and Microsoft’s (as CVE­2016­0128). This is not a straightforward remote code
execution vulnerability, so it is unlike MS08­067 or any of the historical RCE
vulnerabilities against SMB/CIFS. The most likely attack scenario is an internal
user who is in the position of intercepting and modifying network traffic in
transit, to gain privileges equivalent to the intercepted user. While some SMB/CIFS
servers exist on the Internet, this is generally considered poor practice, and
should be avoided anyway.

For Samba administrators, the easy advice is to just patch up now. If you’re
absolutely sure you’re not offering CIFS/SMB over the Internet with Samba, check
again. Unintentionally exposed services are the bane of IT security with the porous
nature of network perimeters. While you’re checking, go ahead and patch, since both
private and public exploits will surface eventually. You can bet that exploit
developers around the world are poring over the Samba patches now.

For Microsoft Windows administrators Badlock is apparently fixed in MS16­047. While
Microsoft merely rates this as “Important,” there are plenty of other critically
rated issues released, so IT organisations are advised to use their already
­negotiated change windows to test and apply this latest round of patches.”

Adam Nowak, Rapid7 Active Lead Engineer also vocalised a general comment from this patch Tuesday. He commented:

“April continues the long-running trend where the majority of bulletins (9) address remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (2), security feature bypass and denial of service (DOS). All critical bulletins are remote code execution issues affecting a variety of products and platforms including Adobe Flash Player, Edge, Internet Explorer, .NET Framework, Office, Office Services and Web Apps, Skype for Business, Lync and Windows (client and server) .

This month Microsoft resolves 29 vulnerabilities across 13 bulletins with MS16-037, MS16-038, MS16-039 and MS16-042 as the bulletins to watch out for, addressing 19 vulnerabilities. Since a wide range of products are affected this month all Microsoft users should be on alert. Users should pay particular attention to MS16-039 -Security Update for Microsoft Graphics Component as this bulletin resolves two vulnerabilities that have been known to be exploited ( CVE-2016-0165 and CVE-2016-0167).

Users should be wary of untrusted sources as maliciously crafted content could allow an attacker to remotely execute code in-order to gain the same rights as your user account. Your best protection against these threats is to patch as quickly as possible.”

Image Source: Pixbay

Ben Loughton

A security analyst with an array of practical skills built up from the field of computing, IT and computer security.

You may also like...