ADVISORY: Plan now to patch for Badlock Bug on April 12

Wednesday, March 23, 2016

This information is intended for U-M IT staff who are responsible for university machines that run Windows SMB (file shares) or Samba. Note that machines running Linux and OSX may provide services through Samba.

An important security bug in Windows and Samba has apparently been discovered, and Microsoft and Samba are working together to address it. Patches are scheduled to be released on April 12, 2016, to fix the bug, which is being called Badlock. Please plan now to set aside time to apply those patches.

IIA will likely recommend that Windows system administrators be prepared to accelerate their normal Patch-Tuesday routines. This could involve creating contingency plans for critical services, because immediate business hours patching and service outages may be required if there is an immediate threat.

IIA is pulling together more information about this and will send it via email to U-M IT staff groups and post it here during the week of March 28.