Badlock (CVE-2016-2118) is a security bug disclosed on April 12, 2016 affecting the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols supported by Windows and Samba servers.

Both SAM and LSAD are layered onto the DCE 1.1 Remote Procedure Call (DCE/RPC) protocol. As implemented in Samba and Windows, the RPC services allowed an attacker to become man in the middle. Although the vulnerability was discovered during the development of Samba, the namegiving SMB protocol itself is not affected.