Incident Response, Network Security, Patch/Configuration Management, TDR, Vulnerability Management

BadTunnel flaw affects every Windows OS

Every version of the Microsoft Windows operating system, going back 20 years, is at risk from a number of security weaknesses detected by a Chinese researcher, according to the International Business Times.

The critical security flaw in the Windows OS, dubbed BadTunnel, could enable attackers to put in place man-in-the-middle attacks that would allow  them to siphon and decrypt traffic being transmitted between devices and servers.

The researcher, Yang Yu, earned a $50,000 bug bounty for his discovery, which can enable miscreants to initiate NetBIOS spoofing across networks. This enables hackers to bypass firewalls and network address translation (NAT) devices and connect with a target's network traffic – without having to be on the victim's network. Previously, hackers needed to first penetrate into a network.

A patch was issued as part of the June 14 Patch Tuesday. However, those still using Windows XP are advised to disable NetBIOS over TCP/IP.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.