Samba puts out new security update to address exploit that fueled WannaCry

Share this…

Vuln hit “all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos.”

On Wednesday, the Samba Team released new security updates to fix a vulnerability in “all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos,” according to an announcement from the United States-Computer Emergency Readiness Team (US-CERT).

The upgrade comes in response to an invasive piece of malware which virally spread ransomware known as “WannaCry,” “WCry,” or “WannaCrypt.” As Ars reported in May 2017, within hours of the attack, computer systems around the world were crippled, prompting hospitals to turn away patients while telecoms, banks, and companies such as FedEx were forced to turn off computers for the weekend.

Microsoft, Samba Patch "Badlock" Vulnerability
Microsoft, Samba Patch “Badlock” Vulnerability
Because of WannaCry, Microsoft took the rare step of issuing patches for three discontinued versions of Windows that hadn’t been updated in years. In a blog post released at the time, Microsoft believed that the ransomware worked due to a Samba exploit.With the newly released update, Samba developers noted: “Additionally, Samba 4.6.6, 4.5.12 and 4.4.15 have been issued as security releases to correct the defect. Samba vendors and administrators running affected versions linked against the embedded Heimdal Kerberos are advised to upgrade or apply the patch as soon as possible.”