25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

US-CERT: Patch Samba Now to Address Wormable Code Execution Bug

Posted By on May 30, 2017

A worldwide cyberattack in a similar vein to the WannaCry ransomware attacks on Friday 12, May could be repeated using a different Windows Server Message Block vulnerability. US-CERT has issued a security alert about the SMB flaw advising organizations to apply a patch as soon as possible to fix the vulnerability.

The vulnerability, which is being tracked as CVE-2017-2764, affects Samba 3.5.0 and later versions. Samba provides Windows-style file and print services for Linux and Unix servers and is based on the Windows SMB file-sharing protocol.

US-CERT says the flaw is a remote code execution vulnerability that could be exploited by “a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.” If the flaw is exploited, an attacker could run arbitrary code with root-level permissions.

Ars Technica says the flaw can only be exploited on un-patched computers if port 445 is open to the Internet and if a machine permits permanent write privileges from a shared file with a known or guessable server path.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A patch has been issued to fix the vulnerability in Samba versions 4.4 and later, although organizations that are unable to apply the patch can fix the vulnerability without applying the patch. The workaround involves adding “nt pipe support = no” to the global section of smb.conf and restarting the smbd daemon.

The fix prevents clients from accessing named pipe endpoints, although US-CERT warns that the workaround may also disable some functionality for Windows clients.

Samba is also used on NAS devices, often without users’ knowledge. NAS environments are commonly used to store backup files. If the flaw was exploited in a similar fashion to the May 12 attacks and ransomware is installed, backups could be rendered useless. Organizations should therefore ensure that at least one copy of a backup file is stored on an offline, unnetworked device.

The wormable-code execution bug has existed for 7 years and there are currently more than 104,000 Internet-exposed devices that are vulnerable to attack according to cybersecurity firm Rapid7. A proof-of-concept exploit is believed to be available, although no attacks have been detected to date.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist