Badlock Vulnerability — Pre-Release Analysis
SHARE
back to BLOG

Badlock Vulnerability — Pre-Release Analysis

David Robinson

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn’t enough these days. Like the movie studio behind a blockbuster film, the authors of the Badlock vulnerability have decided to go all out and start their marketing in advance of their disclosure.Details of what the bug actually allows an attacker to do will not be provided until 17:00 GMT on Tuesday 12th April, so we won’t know how serious it is until then. However, there are a few limited details available.

According to the author’s website, the vulnerability affects the file and printer sharing protocol (known as SMB) on both Windows and Linux/Unix. As SMB is generally designed for sharing files and communicating with printers on an internal company network, it’s the kind of service you shouldn’t need to expose to the internet.

As a result, although it is rare to find SMB exposed to the internet, a quick search on Shodan identifies it on around 51,000 (or about 0.4%) of all internet facing systems in the UK.

Exposing unnecessary services to the Internet always carries a risk that a vulnerability will be discovered and create an entry point for an attacker. That’s why we’ve been advising our customers to lock down unnecessary services like SMB since we created the Intruder continuous security monitoring service last year, and I’m pleased to say that none of them are currently exposing SMB to the Internet.

Even if you’re not using the Intruder service yet, there are a number of things you can do to get ready for tomorrow’s release:

If you’re unsure if your organisation is currently exposing SMB to the internet, we’d be happy to help you find out. Just send an email to david@intruder.io.

For those interested, the (currently limited) details of the vulnerability can be found at badlock.org.

Written by

David Robinson

Recommended articles

Ready to get started with your 30-day trial?

try for free
BACK TO TOP