Check Point Threat Alert: Badlock Vulnerability
ByDanny Lieblich and Amir Landau, Threat Intelligence & Research
EXECUTIVE SUMMARY
- An elevation-of-privilege vulnerability exists in Microsoft Windows and the Samba interoperability suite for Linux & UNIX.
- Attackers could launch a man-in-the-middle-attack and downgrade the authentication level of DCE/RPC channels, allowing them to impersonate authenticated users.
- Check Point’s latest IPS update protects against this vulnerability with the “Microsoft Windows RPC Authentication Downgrade (MS16-047)” protection.
DESCRIPTION
- A vulnerability exists in Microsoft Windows and in the Samba interoperability suite for Linux & UNIX.
- An attacker could launch a man-in-the-middle (MiTM) attack and downgrade the authentication level of DCE/RPC channels. This would allow the attacker to impersonate authenticated users and gain access to restricted resources.
- This vulnerability occurs because the Security Account Manager (SAM) and Local Security Authority Domain Policy (LSAD) remote protocols accept authentication levels that do not provide adequate protection for information passed on the DCE/RPC channel. This affects all services using DCE/RPC.
- The vulnerability, referred to as Badlock, was assigned CVE number CVE-2016-0128.
CHECK POINT IPS PROTECTION
- Check Point IPS blade protects against this vulnerability with the following protection:
- The protection detects the attacker’s response to the client which causes the client to downgrade the authentication level. Setting the protection to prevent blocks the response.
REFERENCES
- Information shared by the security researchers who discovered the vulnerability:
- Microsoft Security Bulletin MS16-047:
You may also like
AI’s Impact in 2024 Elections and What Voters Can Do to Protect Themselves from Disinformation
2024 is perhaps the biggest election year the world has ...
Ransomware’s Evolving Threat: The Rise of RansomHub, Decline of Lockbit, and the New Era of Data Extortion
1.Introduction The ransomware landscape is witnessing significant changes, with new ...
A Closer Look at Q3 2024: 75% Surge in Cyber Attacks Worldwide
A Record Spike in Attacks: In Q3 2024, an average ...
Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10
Microsoft is identified as the primary target in phishing attacks, ...