Security researchers have discovered a security vulnerability that affects almost every version of Windows and Samba.
The vulnerability will be patched on April 12, 2016.
On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock.
Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.
Who found the bug?
Badlock was discovered by Stefan Metzmacher, a member of the international Samba Core Team.
He reported the bug to Microsoft and has been working closely with them to fix the problem.
But why this pre-patch hype?
I think that Badlock is likely one of the worst examples of marketing and hype for a vulnerability that we’ve seen to date.
Even Heartbleed didn’t have a teaser notification three weeks out. To make matters worse, the company that owns the domain promoting the vulnerability is glad for the marketing opportunity it’s providing.
Granted, there are valid reasons for naming vulnerabilities, as it brings attention to an issue that can be shared with a wider audience – at least it’s better than using CVE or MS patch IDs.
Likewise, giving administrators a heads-up on something is okay too, but three weeks?
If there is a need to bring attention to Badlock, what’s the point of a teaser? Why couldn’t the branding and website promotion wait until the patch was released?
Again, it’s sales.