April 12th. Memorize that date like it's your mother's birthday. April 12th.
In case you haven't heard, a security vulnerability called Badlock was recently discovered in Windows and Samba. While the nature of the bug has not yet been revealed, patches along with details of the flaw will be released next week, on April 12th. Ever since news of the vulnerability broke in March, hackers have been salivating at the mouth, ready to pounce. Indeed, some may have already discovered the bug. Since attackers will be eagerly awaiting the disclosure, once patches are released next week, Windows and Samba users must immediately patch their systems to prevent exploitation. This should serve as a warning to all MSPs to act now, and get your house in order.
Badlock Bug Background (Details TBD)
"Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information."
This warning comes straight from the official Badlock website and speaks to the growing anticipation within the cybercrime community. Although we don't know where the Badlock bug lives, InfoWorld is attempting to connect dots by sharing hints given by SerNet, the Samba consulting company responsible for the Badlock website. Since Badlock implicates Windows and Samba users, it is likely that it "has something to do with the SMB protocol, used to read and write files over the local network, or Common Internet File System (CIFS), the SMB implementation used in Windows." As a result, it may be reasonable to expect that any software using SMB will be impacted. Johannes Loxen, SerNet's CEO, even spread speculation that with Badlock, attackers could obtain administrative access to local networks because the vulnerability would mean "admin accounts for everyone on the same LAN." Again, nothing is certain, but even contemplating the implications of such an uncertainty should light a fire underneath you. Managing Badlock has to be Priority 1.
How MSPs Can Prepare
"Thinking will not overcome fear but action will." ~W. Clement Stone~
You may be thinking that you don't have to worry about Badlock until April 12th since you don't know what it is you're dealing with. Ever since Stefan Metzmacher, a member of the international Samba Core Team, discovered and reported the bug, there's been a lot of hype around Badlock and what it means for users. Some even question the point of announcing the presence of a vulnerability weeks before MSPs and IT service providers can correct it. Still, all MSPs should take advantage of this 20-day advanced notice. Complete any other projects and tasks beforehand so you can devote April 12th to test and deploy patches. Additionally, make sure you'll have the sysadmin resources required to successfully apply the patches. As far as which patches will be available, the Badlock website lists >Samba 4.4, Samba 4.3 and Samba 4.2. It is also important to note that all Windows machines are expected to be impacted.
If you're a Continuum partner...
We understand the matter is time-sensitive and that in order to prevent exploits, our partners need to patch ASAP. In response, we'll be whitelisting this patch immediately upon its release so that it is available to you. Please see this thread in Collaborate, our private online partner community, for more information.
For more information and updates, be sure to check out the official Badlock website. In the meantime if you have not already, set a reminder or circle April 12th as the day the mystery of Badlock is unlocked. Then, prepare your team to act fast so as not to give hackers the keys to your clients' Windows kingdoms.
By Paula Griffin
By Meaghan Moraes
By Madison Lichtmann