BadTunnel, a now-patched vulnerability in Windows, was recently disclosed by security researcher Yang Yu. Microsoft addressed the flaw, tracked as CVE-2016-3213, in security bulletin MS16-077 and released a fix.
BadTunnel vulnerability
According to the report posted by Yu, BadTunnel affects every version of Windows, from Windows 95 to Windows 10. The attack depends on getting a user to click a malicious link or open a malicious Microsoft Office document. While the underlying details of the vulnerability have not yet been revealed by the company, what we know so far is that it could let attackers hijack network traffic and spoof NetBIOS, bypassing your firewall. In simple words, BadTunnel grants attackers access to network traffic without actually being on the victim’s network.
“This vulnerability has a massive security impact – probably the widest impact in the history of Windows. In combination with other system mechanisms, it can hijack the network traffic, and even run any program,” said Yang. It relies on a chain of elements including “a transport layer protocol, an application layer protocol, a few specific usage of application protocol by the operating system, and several protocol implementations used by firewalls and NAT devices,” he further added.
BadTunnel can be triggered through Windows applications that support URI and UNC paths, such as Edge, Internet Explorer, and Office. Some attacks via a web server and a USB flash drive have also been reported.
The way your web browsers Edge and Internet Explorer support web pages, the way NetBIOS resolution works, and the way your operating system handles network paths together make your network vulnerable to the BadTunnel attack.
While Microsoft has already released the patch for all supported versions of Windows, Windows XP users are advised to disable NetBIOS over TCP/IP.
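One way to check and apply that setting on each network adapter, as an added example that is not from the original article or from Microsoft's bulletin: it uses the standard WMI class Win32_NetworkAdapterConfiguration, and the function name Invoke-NetbiosAudit is a hypothetical name chosen here. It assumes PowerShell 2.0 or later and, for changes, an elevated prompt.

```powershell
# Added example: report the NetBIOS over TCP/IP setting of every IP-enabled
# adapter and, with -Disable, turn it off where it is not already off.
function Invoke-NetbiosAudit {            # hypothetical helper name
    param([switch]$Disable)               # without -Disable nothing is changed

    # Values of TcpipNetbiosOptions as documented for the WMI class.
    $names = @{ 0 = 'Default (follows DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                              -Filter 'IPEnabled = TRUE'

    foreach ($a in $adapters) {
        $raw = $a.TcpipNetbiosOptions
        if ($null -eq $raw) { $before = 'Unknown' } else { $before = $names[[int]$raw] }

        $result = 'unchanged'
        # "Default" is not safe: the DHCP server decides, and without a DHCP
        # option Windows leaves NetBIOS on, so only the value 2 counts as off.
        if ($Disable -and ($null -eq $raw -or [int]$raw -ne 2)) {
            $rc = $a.SetTcpipNetbios(2).ReturnValue
            switch ($rc) {
                0       { $result = 'disabled' }
                1       { $result = 'disabled, reboot required' }
                default { $result = "failed (WMI return code $rc)" }
            }
        }

        New-Object PSObject -Property @{
            Adapter = $a.Description
            Before  = $before
            Result  = $result
        } | Select-Object Adapter, Before, Result
    }
}

# Report only:
Invoke-NetbiosAudit | Format-Table -AutoSize
# Apply the mitigation (elevated prompt):
# Invoke-NetbiosAudit -Disable | Format-Table -AutoSize
```

Disabling NetBIOS over TCP/IP also stops NetBIOS name resolution for legacy file and printer sharing on that adapter, so run the report first on machines that still depend on it.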
Check out the detailed report by security firm Naked Security.