Check Point Threat Alert: Badlock Vulnerability
ByDanny Lieblich and Amir Landau, Threat Intelligence & Research
EXECUTIVE SUMMARY
- An elevation-of-privilege vulnerability exists in Microsoft Windows and the Samba interoperability suite for Linux & UNIX.
- Attackers could launch a man-in-the-middle-attack and downgrade the authentication level of DCE/RPC channels, allowing them to impersonate authenticated users.
- Check Point’s latest IPS update protects against this vulnerability with the “Microsoft Windows RPC Authentication Downgrade (MS16-047)” protection.
DESCRIPTION
- A vulnerability exists in Microsoft Windows and in the Samba interoperability suite for Linux & UNIX.
- An attacker could launch a man-in-the-middle (MiTM) attack and downgrade the authentication level of DCE/RPC channels. This would allow the attacker to impersonate authenticated users and gain access to restricted resources.
- This vulnerability occurs because the Security Account Manager (SAM) and Local Security Authority Domain Policy (LSAD) remote protocols accept authentication levels that do not provide adequate protection for information passed on the DCE/RPC channel. This affects all services using DCE/RPC.
- The vulnerability, referred to as Badlock, was assigned CVE number CVE-2016-0128.
CHECK POINT IPS PROTECTION
- Check Point IPS blade protects against this vulnerability with the following protection:
- The protection detects the attacker’s response to the client which causes the client to downgrade the authentication level. Setting the protection to prevent blocks the response.
REFERENCES
- Information shared by the security researchers who discovered the vulnerability:
- Microsoft Security Bulletin MS16-047:
You may also like
Navigating the Evolving Threat Landscape Ahead of Black Friday
As Thanksgiving and Black Friday approach, so do the risks ...
Spotlight on Iranian Cyber Group Emennet Pasargad’s Malware
Executive Summary On October 21, 2024, multiple emails impersonating the ...
Hamas-linked Threat Group Expands Espionage and Destructive Operations
Check Point Research has been monitoring the ongoing activities of ...
October 2024’s Most Wanted Malware: Infostealers Surge as Cyber Criminals Leverage Innovative Attack Vectors
Check Point Software’s latest threat index reveals a significant rise ...