Save the Date: on April 12, 2016 a critical security bug on Windows and Samba will be disclosed



Security researchers have discovered a security vulnerability that affects almost every version of Windows and Samba.

The vulnerability will be patched on April 12, 2016.

BadLock


From Badlock.org:

On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock.

Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.


Who found the bug?

Badlock was discovered by Stefan Metzmacher, a member of the international Samba Core Team.

He reported the bug to Microsoft and has been working closely with them to fix the problem.

But, why this pre-patch hipe?

csoonline.com says:

I think that Badlock is likely one of the worst examples of marketing and hype for a vulnerability that we’ve seen to date.

Even Heartbleed didn’t have a teaser notification three weeks out. To make matters worse, the company that owns the domain promoting the vulnerability is glad for the marketing opportunity it’s providing.

Granted, there are valid reasons for naming vulnerabilities, as it brings attention to an issue that can be shared with a wider audience – at least it’s better than using CVE or MS patch IDs.

Likewise, giving administrators a heads-up on something is okay too, but three weeks?

If there is a need to bring attention to Badlock, what’s the point of a teaser? Why couldn’t the branding and website promotion wait until the patch was released?

Again it’s sales.


Published: March 24 2016