Windows BadTunnel is an Important Vulnerability You Need to Patch
Yang Yu the director of Tencent’s Xuanwu Lab has found a vulnerability in the Windows operating system released over the course of the last 2 decades. This is called the Windows BadTunnel.
BadTunnel enables the NetBIOS Name Service used Windows programs to communicate with other PCs on a LAN network, this means that an attacker can hack all network communications, including web, updates, and the Crypto API Certificate.
The obvious way of the hack would be through internet explorer or edge BadTunnel can be used through other 3rd party software and applications as well. This means Chrome and Mozilla will not keep you safe either. Windows BadTunnel can also be activated by webpages, USB or short links. In essence Windows BadTunnel is a coding flaw.
Yang Yu reported his findings to Microsoft and this has been patched in the June 14 patch. Windows XP users will have to disable NetBIOS manually in order to be safe from Windows BadTunnel.
Microsoft has awarded Yang Yu US$50,000 for finding this bug in their OS. A more detailed technical report will be released at Black Hat USA 2016.
The positive thing here is that the problem was identified and Microsoft was quick to take action before any notable damage could take place. Not that we had any way of knowing that something went wrong because of this code flaw.
We will be able to learn more at the event where we will be able to find out more about the origins of the error and how it could have been used against windows users,
If you have done the patch then well and good. If you have not then it is recommended that you do patch your windows OS as soon as possible before there is any attack. It is always better to be safe than sorry.