June 29, 2016
BadTunnel: Critical vulnerability affects every version of Microsoft’s OS since Windows 95

A security researcher from Tencent, China’s largest internet service portal, has discovered a critical security flaw in Microsoft’s Windows operating system that affects every single version of Windows over the last two decades, from Windows 95 all the way to Windows 10.

The flaw, known as BadTunnel, is made up of a series of security weaknesses that, when put together, make it possible for attackers to set up man-in-the-middle (MITM) attacks. This allows hackers to intercept and decrypt traffic being sent between vulnerable clients, such as smartphones, PCs, laptops, tablets and servers.

Essentially, BadTunnel works by enabling attackers to perform NetBIOS spoofing across networks so the hacker bypasses firewalls and Network Address Translation (NAT) devices to gain access to the victim’s network traffic without actually having to be on the victim’s network. In the past, the only way to access a victim’s traffic was to gain access to the network.

The hacker tricks the victim into visiting a malicious webpage using the Internet Explorer (IE) or Edge web browsers, opening a malicious email attachment such as a Word document, or plugging in a malicious USB memory stick.

“This vulnerability is caused by a series of seemingly correct implementations, which includes a transport layer protocol, an application layer protocol, a few specific usage of application protocol by the operating system and several protocol implementations used by firewalls and NAT devices,” Yang Yu, Tencent’s director of Xuanwu Lab, told cybersecurity news site Dark Reading.

The attack capitalises on several vulnerabilities: how Windows resolves network names and accepts responses; how Windows deals with network paths that come via an IP address; how IE and Edge support webpages that come with embedded content; and how the NetBIOS Name Service NB and NBSTAT queries handle transactions. By chaining these together, the hacker can get into the victim’s network.
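For defenders, the cross-network spoofing described above leaves a recognisable trace: NetBIOS Name Service responses (UDP port 137) whose source address lies outside the local subnet. The Python below is an added example, not code from Yu's paper or from Microsoft; it parses RFC 1002 name-service messages and flags such responses. The sample packets, the host name FILESRV and all addresses are constructed, and it assumes the network has no legitimate off-subnet WINS server.

```python
import ipaddress
import struct

NB, NBSTAT = 0x0020, 0x0021  # NetBIOS Name Service record types (RFC 1002)

def decode_name(enc):
    """Reverse first-level encoding: 32 letters 'A'..'P' -> 15 chars plus suffix byte."""
    if len(enc) != 32 or any(not 0x41 <= c <= 0x50 for c in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return "%s<%02X>" % (raw[:15].decode("ascii", "replace").rstrip(), raw[15])

def parse_nbns(payload):
    """Parse the header and first name of a UDP/137 payload; None if malformed."""
    if len(payload) < 50 or payload[12] != 0x20 or payload[45] != 0x00:
        return None  # truncated, compressed or scoped name: not handled here
    txid, flags = struct.unpack(">HH", payload[:4])
    name = decode_name(payload[13:45])
    if name is None:
        return None
    rtype = struct.unpack(">H", payload[46:48])[0]
    return {"txid": txid, "response": bool(flags & 0x8000), "name": name, "type": rtype}

def offsubnet_responses(packets, local_net):
    """Return (src, name, type) for NBNS responses sent from outside local_net."""
    net = ipaddress.ip_network(local_net)
    parsed = ((src, parse_nbns(data)) for src, data in packets)
    return [(src, m["name"], m["type"]) for src, m in parsed
            if m and m["response"] and ipaddress.ip_address(src) not in net]

def build(txid, flags, qd, an, name, rtype, rdata=b""):
    """Assemble a constructed NBNS message (sample data only; nothing is sent)."""
    raw = name.upper().ljust(15).encode("ascii") + b"\x00"
    enc = bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    body = b"\x20" + enc + b"\x00" + struct.pack(">HH", rtype, 1)
    if an:  # answer record: TTL, RDLENGTH, RDATA
        body += struct.pack(">IH", 300, len(rdata)) + rdata
    return struct.pack(">HHHHHH", txid, flags, qd, an, 0, 0) + body

# Constructed sample capture: (source IP, UDP/137 payload)
SAMPLE = [
    ("192.168.1.10", build(0x1A2B, 0x0110, 1, 0, "FILESRV", NB)),  # local query
    ("192.168.1.20", build(0x1A2B, 0x8500, 0, 1, "FILESRV", NB, b"\x00\x00\xc0\xa8\x01\x14")),
    ("203.0.113.7", build(0x1A2C, 0x8500, 0, 1, "FILESRV", NB, b"\x00\x00\xcb\x00\x71\x07")),
]

if __name__ == "__main__":
    print(offsubnet_responses(SAMPLE, "192.168.1.0/24"))
```

In production the `(source IP, payload)` pairs would come from a packet capture or sensor feed on the internal segment rather than the constructed list.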

Microsoft has awarded Yu $50,000 (£39,000) as a bug bounty for spotting the vulnerability and sent out a patch for the security flaw on 14 June’s Patch Tuesday. However, anyone still using Windows XP on any of their systems will need to disable NetBIOS over TCP/IP.

Yu has detailed exactly how the attack works in a technical paper that will be presented in a talk entitled “BadTunnel: How do I get Big Brother power?” at the Black Hat 2016 conference in Mandalay Bay, Las Vegas from 30 July to 4 August 2016.

