On April 12, 2016 the Samba.org project and Microsoft disclosed a vulnerability that is being referred to as Badlock.  The Cisco Product Security Incident Response Team (PSIRT) is currently investigating the impacts of this vulnerability on Cisco products.

Based on our initial analysis of the vulnerability, we expect minimal impact to Cisco products.  If any Cisco products are determine to be affected, we will disclose in accordance with our Security Vulnerability Policy.

Cisco customers running Microsoft products should review Microsoft’s guidance and take appropriate action.

Samba has released a security advisory here: https://www.samba.org/samba/security/CVE-2016-2118.html

Microsoft released MS16-047 and can be found here: https://technet.microsoft.com/library/security/ms16-047


Troy Fridley

Incident Manager, Cisco Product Security Incident Response Team (PSIRT)