After a three-week delay, Badlock was released to the public on Tuesday, generating disappointment in the research community and relief in some cases. Microsoft rated Badlock as “Important” in their Patch Tuesday release, only applications or products using SAM or LSAD remote protocols are affected by the bug. Badlock isn’t a remote exploit, it’s a local exploit, so the attacker already has to be inside the network before it can do damage. The attack vector Man-in-the-Middle isn’t even a consideration at this point.”]
Source: https://www.csoonline.com/article/3055402/badlock-vulnerability-viewed-as-more-hype-than-threat.html