Getting Ahead of Badlock

Published at 2016-03-30 16:59:38

While we are keeping abreast of the news about the foretold Badlock vulnerability, we don't know much more than anyone else right now. We're currently speculating that the issue has to do with the fundamentals of the SMB/CIFS protocol, since the vulnerability is reported to be present in both Microsoft's and Samba's implementations. Beyond that, we're expecting the details from Microsoft as part of their regularly scheduled Patch Tuesday.

How Bad Is It?

Microsoft and the Samba project both clearly believe this is a more critical than usual problem, but in the end, it's almost certainly limited to SMB/CIFS, much like MS08-067 was. This comparison should be alternately comforting and troubling. While the SMB world isn't the same as it was in late 2008, MS08-067 continues to be a solid, bread-and-butter vulnerability exploited by internal penetration testers. We are very concerned about the population of chronically unpatched SMB/CIFS servers that lurk in the dusty corners of nearly every major IT enterprise.

What Can I Do Now?

Any large organization with a meaningful install base of Windows servers should spend this time clearing patch and reboot schedules for production SMB/CIFS servers using their usual Patch Tuesday change control processes. Assuming it's even remotely as bad as the discoverers are making it out to be, this is the patch you want to release into production pretty much as quickly as your change control processes allow. Therefore, given the high visibility of this specific issue, it would be wise to treat it as a mostly predictable emergency. If you feel like you're set up for a rapid patch deployment, this is also a pretty good time to conduct an assessment of both your intentional and accidental SMB/CIFS footprint.
While Windows machines today ship with an operating-system-level firewall by default, all too often users will "temporarily" disable these protections in order to get some specific file sharing task done, and there's really nothing more permanent in an IT environment than a temporary workaround. In short, our advice is to take advantage of the hype around this bug and buy some time from your management to get some legwork done in advance of next Patch Tuesday. You might be surprised with what you find, but it's better to discover those rogue SMB/CIFS endpoints now, in a measured way, than during a panic-fueled crisis. And if you haven't exercised your emergency patch procedures in a while, well, now you have every excuse you could ask for, short of an actual, unplanned emergency.
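The footprint assessment described above boils down to one question: which hosts on the internal network answer on the SMB/CIFS ports (TCP 139/445), and which of those are sanctioned file servers versus workstations where someone switched the firewall off "temporarily"? The script below is an added example, not code from the Rapid7 post. It assumes you have already run an internal TCP scan with Nmap's grepable output (the `-oG` format) and that you keep an allowlist of file servers that are supposed to expose SMB; the scan lines embedded in it are constructed for illustration, not a real scan.

```python
"""Triage an SMB/CIFS footprint from a TCP port scan export.

Added example, not part of the original post. Assumes an Nmap grepable
(-oG) export of the internal address space and a separately maintained
allowlist of sanctioned file servers. SAMPLE_SCAN below is constructed.
"""
import ipaddress
import re
from typing import Dict, List, Set

# Constructed -oG style output: two sanctioned file servers, one workstation
# with 445 open (a "temporary" firewall exception), one workstation where
# the firewall is still filtering 445, and a printer with no SMB at all.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample, not real output)
Host: 10.0.1.10 (fs01.corp.example)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 10.0.1.11 (fs02.corp.example)\tPorts: 445/open/tcp//microsoft-ds///
Host: 10.0.5.42 (ws-jsmith.corp.example)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 10.0.5.43 (ws-mjones.corp.example)\tPorts: 445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 10.0.7.5 (printer.corp.example)\tPorts: 9100/open/tcp//jetdirect///
"""

# Hosts that are supposed to serve SMB/CIFS (hypothetical allowlist).
SANCTIONED_FILE_SERVERS = {"10.0.1.10", "10.0.1.11"}

SMB_PORTS = {139, 445}
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\tPorts:\s+(.*)$")


def parse_grepable(text: str) -> Dict[str, Set[int]]:
    """Map each scanned address to the set of TCP ports reported open."""
    open_ports: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and hosts with no "Ports:" field
        addr, _name, ports_field = m.groups()
        # A trailing "\tIgnored State: ..." may follow the port list; drop it.
        ports_field = ports_field.split("\t")[0]
        for entry in ports_field.split(","):
            # -oG entries are port/state/proto/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports.setdefault(addr, set()).add(int(fields[0]))
    return open_ports


def classify_smb_footprint(open_ports: Dict[str, Set[int]],
                           sanctioned: Set[str]) -> Dict[str, List[str]]:
    """Split SMB-exposing hosts into intentional (allowlisted) and accidental."""
    intentional: List[str] = []
    accidental: List[str] = []
    for addr, ports in sorted(open_ports.items(),
                              key=lambda kv: ipaddress.ip_address(kv[0])):
        if ports & SMB_PORTS:
            (intentional if addr in sanctioned else accidental).append(addr)
    return {"intentional": intentional, "accidental": accidental}


def report(scan_text: str = SAMPLE_SCAN,
           sanctioned: Set[str] = SANCTIONED_FILE_SERVERS) -> Dict[str, List[str]]:
    """Parse, classify and print a short triage list; return the classification."""
    result = classify_smb_footprint(parse_grepable(scan_text), sanctioned)
    print("Sanctioned SMB servers (patch/reboot window needed):")
    for addr in result["intentional"]:
        print(f"  {addr}")
    print("Unexpected SMB exposure (investigate before Patch Tuesday):")
    for addr in result["accidental"]:
        print(f"  {addr}")
    return result


if __name__ == "__main__":
    report()
```

The allowlist is what turns a raw port list into a decision: allowlisted hosts go on the patch-and-reboot schedule, everything else is an exposure to track down and close (or, if it turns out to be a real file server, to add to the allowlist) before the patch lands. Hosts whose 445 is reported as filtered rather than open are intentionally left out of both lists, since that is the firewall doing its job.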

Source: rapid7.com