As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.
We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."
"File servers and domain members do not run the netlogon service in supported Samba versions and only need to ensure that they have not set 'client schannel = no' for continued operation against secured DCs such as Samba 4.8 and later and Windows DCs in 2021," Bartlett and Bagnall added.
"Users running Samba as a file server should still patch to ensure the server-side mitigations do not very rarely impact service."
The hole is addressed in Samba 4.10.18, 4.11.13, and 4.12.7.
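The two checks described above (is the installed release at or past the fixed version for its branch, and has `client schannel` been switched off) can be scripted. The following is an added example, not code from the article or the Samba project; the function names are hypothetical, the sample config is constructed, and `include` directives are not followed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 10): 18, (4, 11): 13, (4, 12): 7}
FALSE_VALUES = {"no", "false", "0", "off"}  # smb.conf spellings of boolean false

def version_status(version):
    """Classify a Samba version string against the fixed releases above."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "update-needed"
    # Branches outside the three listed: the article names no fixed release.
    return "older-branch" if branch < min(FIXED) else "newer-branch"

def global_params(conf_text):
    """Return [global] parameters, names normalised as smb.conf treats them."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive and ignore whitespace.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def schannel_disabled(conf_text):
    """True if [global] sets 'client schannel' to a false value."""
    value = global_params(conf_text).get("clientschannel", "")
    return value.lower() in FALSE_VALUES

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    ; server role = member server
    Client  Schannel = No
[share]
    path = /srv/share
"""

if __name__ == "__main__":
    print(version_status("4.11.12"), schannel_disabled(SAMPLE_CONF))
```

Feeding the functions the output of `smbd --version` and `testparm -s` covers the effective configuration, including any included files.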
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/22/samba_zerologon_patch/