As per the recent update, a bug called as Badlock will be disclosed in Windows and Samba on April 12th, 2016. According to the report, the Badlock vulnerability will affect Windows and Samba. However, the engineers from Samba and Microsoft are working together to tackle the Badlock vulnerability.
The team is trying its best to release the patch on April 12th, so that the Badlock vulnerability doesn’t cause major damage. Microsoft has asked all the admins and those who are responsible for Windows and Samba server infrastructure to be ready all day long. They should be ready to patch all systems on this day. The team mentions that there will be exploits soon after we publish all relevant information.
The Samba 4.4.0 was released on March 22nd. However, the Samba 4.1 release has been marked as discontinued due to the Badlock vulnerability. It is mentioned that the patches won’t be available for security fixes as well. Hence, users are advised to upgrade to the version after Samba 4.1. According to the post, the patches will be available for Samba 4.4, Samba 4.3 and Samba 4.2 on April 12th. The patches for Samba will be released around 17:00 UTC. The Microsoft Patch for Badlock vulnerability will also occur around the same time.
The makers of the Badlock patches also mention the reason for announcing the patches before April 12th, 2016. They say,
“The main goal of this announcement is to give a heads up and to get you ready to patch all systems as fast as possible and have sysadmin resources available on the day the patch will be released. Vendors and distributors of Samba are being informed before a security fix is released in any case. This is part of any Samba security release process.”
They further mention,
“Weighting to the respective interests of advance warning and utmost secrecy, we chose to warn you beforehand, so that everyone has a chance to be ready to install the fixes as soon as they are available. Once the patch is released to the public, it will point to attack vectors and exploits will be in the wild in no time.”
Get more information on the Badlock vulnerability on the official link of badlock.org.