“A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry,” Jeremy Wagstaff reports for Reuters.
“The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch,” Wagstaff reports. “Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers. There are likely to be many more, it said in response to emailed questions.”
Wagstaff reports, “Most of the computers found are running older versions of the software and cannot be patched.”
Read more in the full article here.
MacDailyNews Note: The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.
US-CERT encourages users and administrators to review Samba’s Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.
All versions of Samba from 3.5.0 onwards are vulnerable.
A patch addressing this defect has been posted to http://www.samba.org/samba/security/.
Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.
When is someone going to come up with a software protective shield of some type that will not allow any bug to be exploited by ne’er-do-wells? Software needs shields at full powah Captain! I suppose that’s really going to be an AI guardian thing, patrolling for trolls trying to break the system. Skynet will save us! D’Oh!
It’s a free, open-source file server which serves the SMB protocol preferred by Windows clients (and newer Macs). The Windows version of AFP.
Sorry; I was replying to a comment above, which isn’t here any more.
Apple moved away from Samba to their own in-house version didn’t they?
More work to do. Some ways, job security, and wholely unnecessary in another universe.