BADLOCK: SMB/DCERPC MITM enabling Active Directory database access. Apply April 2016 patches. Enforce SMB signing across all endpoints to prevent MITM. Monitor for unusual SAMR/LSAD protocol activity in your SIEM.
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, 7 SP1, 8.1/RT 8.1, Server 2008 SP2/R2 SP1, 2012 Gold/R2 allow man-in-the-middle attackers to impersonate an authenticated user (BADLOCK).
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →