As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
Administrators running Samba as a domain controller should update their installations, as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.
We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."
"File servers and domain members do not run the netlogon service in supported Samba versions and only need to ensure that they have not set 'client schannel = no' for continued operation against secured DCs such as Samba 4.8 and later and Windows DCs in 2021," Bartlett and Bagnall added.
"Users running Samba as a file server should still patch to ensure the server-side mitigations do not very rarely impact service."
The hole is addressed in Samba 4.10.18, 4.11.13, and 4.12.7.
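A check for the two things the advisory asks of administrators, as an added example that is not from the article or the Samba project: it compares a version string against the fixed releases listed above and flags 'client schannel' set to a false value in smb.conf text. The function names and the sample configuration are constructed for illustration, and treating no, false, 0 and off as equivalent is an assumption based on how smb.conf spells booleans.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 10): 18, (4, 11): 13, (4, 12): 7}
# Spellings smb.conf accepts for a false boolean (assumption stated in lead-in).
FALSE_VALUES = {"no", "false", "0", "off"}

def is_patched(version):
    """True/False for the branches the article lists, None for any other."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return None if fixed is None else patch >= fixed

def schannel_findings(conf_text):
    """Return (section, line_no, value) for each 'client schannel' set false."""
    findings, section, pending = [], None, ""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues onto next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # Parameter names ignore case and embedded whitespace.
        key = re.sub(r"\s+", "", name).lower()
        value = value.strip().lower()
        if sep and key == "clientschannel" and value in FALSE_VALUES:
            findings.append((section, line_no, value))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
# file server joined to a domain
[global]
    workgroup = EXAMPLE
    ; client schannel = no
    Client  SChannel = No
"""

if __name__ == "__main__":
    print(is_patched("4.12.6"), schannel_findings(SAMPLE_CONF))
```

A None result from is_patched means the branch is not one of the three the article lists, so the article gives no fixed release to compare against.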
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/22/samba_zerologon_patch/