As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.
We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."
"File servers and domain members do not run the netlogon service in supported Samba versions and only need to ensure that they have not set 'client schannel = no' for continued operation against secured DCs such as Samba 4.8 and later and Windows DCs in 2021," Bartlett and Bagnall added.
"Users running Samba as a file server should still patch to ensure the server-side mitigations do not very rarely impact service."
The hole is addressed in Samba 4.10.18, 4.11.13, and 4.12.7.
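The two checks described above (installed version against the fixed releases, and 'client schannel = no' in smb.conf) can be scripted. This is an added example, not code from the article or the Samba project; the function names and the sample configuration are constructed for illustration, and Samba branches the article does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 10): 18, (4, 11): 13, (4, 12): 7}
# smb.conf false values: no / false / 0 (compared case-insensitively).
FALSY = {"no", "false", "0"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
# file server that was told to skip secure channel
[global]
    workgroup = EXAMPLE
    Client  SChannel = No
[share]
    path = /srv/share
"""

def version_status(version):
    """Return 'patched', 'vulnerable' or 'unlisted' for a Samba version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unlisted"  # branch not covered by the article's list
    return "patched" if patch >= fixed else "vulnerable"

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def client_schannel_disabled(conf_text):
    """True if [global] sets 'client schannel' to a false value."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if _norm(key) == "clientschannel":
                value = val.strip().lower()  # a later assignment overrides
    return value in FALSY
```

Distribution packages may backport the fix without changing the upstream version number, so a "vulnerable" result from the version string should be confirmed against the package changelog.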
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/22/samba_zerologon_patch/