back to article Bug hype haters gonna hate hate hate: Badlock flaw more like Sadlock

The Badlock flaw in Windows and Samba file servers has been revealed after weeks of hype and anticipation. It is not as critical as feared, but it's still an annoyance. Fixes and mitigations are available today. In late March, we were alerted to what was described as a "crucial security bug" in Windows and Unix-flavored SMB …

  1. Jeremy Allison

    Not quite right.

    You must be on the same network as the client connecting to the AD-DC, but you don't need to be able to sniff any traffic, just be able to spoof the client to connect to you instead of the correct DC.

    It's the first protocol-level bug in DCE RPC I'm aware of, and Metze did an amazing job both finding it, working out the implications and creating the required fixes for this. Also many other engineers put in long

    Not gonna comment on the "badlock" website, only that it wasn't a Samba Team activity.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Not quite right

      Sorry, which bit isn't quite right? I mean, the Samba team wrote: "A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client."



      1. Jeremy Allison

        Re: Not quite right

        The "sniffing the traffic" bit isn't required. Just get the client to connect to you and bobs-yer-uncle ! :-).

        1. Phil W

          Re: Not quite right

          "The "sniffing the traffic" bit isn't required. Just get the client to connect to you and bobs-yer-uncle ! :-)."

          While that's probably true, unless you're already familiar with the target environment and know everything required about the client and servers involved, I'm not sure that you'd have anywhere to start without sniffing some traffic to identify your targets.

  2. Stevie


    " Giving it a name and a logo was supposed to raise awareness, however, it means the next proper big bug with a codename and badge may be taken less seriously than it should."

    I have some bad news for you. Any bug with a codename and a badge is only taken seriously by those who coined the name and minted the badge.

    That's how we still see unpatched heartbleed vulnerabilities. If the initial attack had been a tad more subtle I don't doubt we'd still be seeing the I Heart You vulnerability too, but being belted over the head with a brick so hard you see God is bound to get everyone's attention.

    1. a_yank_lurker

      Re: Bah!

      The problem is not that the bug exists and maybe quite serious - not expert enough to judge - but that it is heavily hyped. The hype may be taking focus away from even more serious security issues. Cry wolf too many times and the audience becomes rather jaded and sloppy about securing their kit.

      1. Robert Carnegie Silver badge

        Re: Bah!

        Competent professionals won't be distracted by the hype. Instead they will use the hype to increase non-IT colleagues' awareness and understanding of the need to maintain and patch all the systems that a business uses, whether there is a logo campaign and T-shirt or just a faceless bug number.

  3. Bob Dole (tm)

    I'm waiting for the theme song. Maybe something by Katy Perry.

  4. This post has been deleted by its author

  5. david 12 Silver badge

    MS Windows ?

    The listed problems are all in Samba, not in "Samba and Windows". They all appear to be Samba-specific errors. None of them look like the kind of problems that would be shared with another implementation.

    But the publicity says "Windows", and MS has also listed a patch. What is the nature of the Windows patch and the Windows problem?

    1. diodesign (Written by Reg staff) Silver badge

      Re: MS Windows ?

      The first listed bug – CVE-2016-2118 / CVE-2016-0128 - affects Samba and Windows. It's a protocol design bug.


      1. david 12 Silver badge

        Re: MS Windows ?

        Thanks. The Windows vulnerability was still unpublished/reserved when I posted.

  6. Anonymous Coward
    Anonymous Coward


    Uh, which of these actually applies to Windows servers? I can clearly see that every one of them applies to Samba servers, but most of them don't look at all applicable to Windows.

    I accept that I may have missed that crucial detail along with all the hype. Sometimes it's nice to be busy.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Windows?

      CVE-2016-2118 / CVE-2016-0128 is the protocol design flaw that affects Samba and Windows.


      1. A Non e-mouse Silver badge

        Re: Windows?

        Er, according to the article, CVE-2016-0128 is the Windows one. '2118 is the SAMBA one.

  7. Mage Silver badge

    So ...

    If your LAN doesn't leak via WiFi or Internet Router and is in a private location, no public. Then it's not a big deal?

  8. Jeremy Allison

    Register article is pretty good all in all !

    Best comment I've seen on Infosec "reporting". From Alexander Bokovoy:

    "Overall reaction is exactly by throwing content out and concentrating on the messenger. To give you a level of incredible misunderstanding what the content is, here is a quote from '', a site that is associated with Kaspersky Lab:

    "As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services."

    The end of the second sentence is all you need to know about infosec news reporting."

  9. Jeremy Allison

    How Badlock Was Discovered and Fixed

    Fantastic article from Alexander Bokovoy on

    how this thing was found and fixed !

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like