Blog
\
Vulnerabilities and Threats

Badlock Vulnerability — Pre-Release Analysis

David Robinson
Author
David Robinson
Updated
September 8, 2023
|
Published
April 11, 2016
|
min read

Key Points

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn’t enough these days. Like the movie studio behind a blockbuster film, the authors of the Badlock vulnerability have decided to go all out and start their marketing in advance of their disclosure.Details of what the bug actually allows an attacker to do will not be provided until 17:00 GMT on Tuesday 12th April, so we won’t know how serious it is until then. However, there are a few limited details available.

According to the author’s website, the vulnerability affects the file and printer sharing protocol (known as SMB) on both Windows and Linux/Unix. As SMB is generally designed for sharing files and communicating with printers on an internal company network, it’s the kind of service you shouldn’t need to expose to the internet.

As a result, although it is rare to find SMB exposed to the internet, a quick search on Shodan identifies it on around 51,000 (or about 0.4%) of all internet facing systems in the UK.

Exposing unnecessary services to the Internet always carries a risk that a vulnerability will be discovered and create an entry point for an attacker. That’s why we’ve been advising our customers to lock down unnecessary services like SMB since we created the Intruder continuous security monitoring service last year, and I’m pleased to say that none of them are currently exposing SMB to the Internet.

Even if you’re not using the Intruder service yet, there are a number of things you can do to get ready for tomorrow’s release:

  • Check that none of your internet facing systems are exposing SMB to the internet. SMB typically runs on TCP ports 137, 139 & 445 and UDP ports 137 & 138.
  • Ensure you have a robust vulnerability management process in place, which features regular assessments of newly released vulnerabilities and can prioritise critical threats as they occur.

If you’re unsure if your organisation is currently exposing SMB to the internet, we’d be happy to help you find out. Just send an email to david@intruder.io.

For those interested, the (currently limited) details of the vulnerability can be found at badlock.org.

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Download now
Author
David Robinson
,

Reviewed by
,

Quick links
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
mail icon
Get regular updates

Get our latest news, research, and expert advice, straight to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended articles

Memcached Code Execution Vulnerabilities — Intruder Vulnerability Bulletin
Vulnerabilities and Threats

Memcached Code Execution Vulnerabilities — Intruder Vulnerability Bulletin

A number of new vulnerabilities in Memcached were recently discovered, which affect versions of the software before 1.4.33.
Is the XZ Utils CVE-2024-3094 as bad as we fear?
Vulnerabilities and Threats

Is the XZ Utils CVE-2024-3094 as bad as we fear?

Find out everything you need to know about the xz-utils vulnerability (CVE-2024-3094) and what you should do if your systems are at risk.
Team Xball — DDoS Extortion Hoax
Vulnerabilities and Threats

Team Xball — DDoS Extortion Hoax

“We are the Team Xball and we have chosen your website/network as target for our next DDoS attack.”

Sign up for your free 14-day trial

Start today
7 days free trial