BadTunnel flaw affects every Windows OS

A patch was issued on June 14 for a MitM flaw present in every Windows version.
A patch was issued on June 14 for a MitM flaw present in every Windows version.

Every version of the Microsoft Windows operating system, going back 20 years, is at risk from a number of security weaknesses detected by a Chinese researcher, according to the International Business Times.

The critical security flaw in the Windows OS, dubbed BadTunnel, could enable attackers to put in place man-in-the-middle attacks that would allow  them to siphon and decrypt traffic being transmitted between devices and servers.

The researcher, Yang Yu, earned a $50,000 bug bounty for his discovery, which can enable miscreants to initiate NetBIOS spoofing across networks. This enables hackers to bypass firewalls and network address translation (NAT) devices and connect with a target's network traffic – without having to be on the victim's network. Previously, hackers needed to first penetrate into a network.

A patch was issued as part of the June 14 Patch Tuesday. However, those still using Windows XP are advised to disable NetBIOS over TCP/IP.
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS