Patch Management, TDR

BadTunnel flaw affects every Windows OS

June 20, 2016

Every version of the Microsoft Windows operating system, going back 20 years, is at risk from a number of security weaknesses detected by a Chinese researcher, according to the International Business Times.

The critical security flaw in the Windows OS, dubbed BadTunnel, could enable attackers to put in place man-in-the-middle attacks that would allow  them to siphon and decrypt traffic being transmitted between devices and servers.

The researcher, Yang Yu, earned a $50,000 bug bounty for his discovery, which can enable miscreants to initiate NetBIOS spoofing across networks. This enables hackers to bypass firewalls and network address translation (NAT) devices and connect with a target's network traffic – without having to be on the victim's network. Previously, hackers needed to first penetrate into a network.

A patch was issued as part of the June 14 Patch Tuesday. However, those still using Windows XP are advised to disable NetBIOS over TCP/IP.
prestitial ad