Ioana Sundius

BADLOCK Samba Vulnerability: ECAT is NOT affected

Blog Post created by Ioana Sundius Employee on Apr 13, 2016


On April 12, Microsoft issued a vulnerability update, to inform its customers that a vulnerability has been found in its software, which would allow a man-in-the-middle attack on software that leverages SAM and LSAD implementations  on most Microsoft Windows operating systems. This issue has important consequences, and it currently (time of this writing) tops security concerns on the Windows operating system groups. It even has its own collection of logos in the Twiterverse! So our team of engineers investigated.

 

Summary (from the NIST National Vulnerability Database):

CVE-2016-0128

The SAM and LSAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 , and Windows 10 Gold and 1511 do nopt properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "windows SAM and LSAD Downgrade Vulnerability", or "BADLOCK".

 

RSA ECAT Engineering has researched the issue and reports that none of the RSA ECAT versions supported are affected by this vulnerability.

 

Update:

Microsoft has issued a patch to address this vulnerability, as documented in the Microsoft Security Bulletin MS16-047.

 

Findings:

This issue does not affect RSA ECAT. As usual, we do recommend that all underlying infrastructure should always be kept fully patched.

 

References:

Microsoft Announcement: Security Update for SAM and LSAD Remote Protocols (3148527)

NIST CVE: Vulnerability Summary for CVE-2016-0128 (Microsoft products)

Samba report: SAMR and LSA man in the middle attacks possible (CVE-2016-2118)

NIST CVE: Vulnerability Summary for CVE-2016-2118 (Samba products)

 

 

Outcomes