Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around Deerfield Beach. Computer Services, Tech Support, IT Solutions and more!

Newly Discovered Vulnerability Gives Reason to Worry for Every Windows User

Newly Discovered Vulnerability Gives Reason to Worry for Every Windows User

A vulnerability has been discovered that affects all versions of Microsoft’s Windows operating system, including the long-unsupported Windows XP, going all the way back to Windows 95. The vulnerability, called BadTunnel, allows attackers to directly bypass system defenses and initiate a man-in-the-middle attack. The vulnerability isn’t limited to just Windows, either; it also affects Internet Explorer, Edge, and other Microsoft software.

This vulnerability is largely being called “probably the widest impact in the history of Windows,” making it quite a big deal indeed. Yang Yu, a security researcher at Tencent’s Xuanwu Lab, is the one responsible for finding the bug, and his actions in doing so were rewarded handsomely; he’s one of the few who have managed to earn more than $100,000 through Microsoft’s “bug bounty” program, and the discovery of BadTunnel netted him a modest $50,000.

Forbes reports: “This vulnerability can be exploited through Edge, Internet Explorer, Microsoft Office and many other third-party software on Windows. It can also be exploited through web servers … or even through thumb drives – insert the thumb drive into one of the ports on the system and the exploitation is complete.”

Perhaps the most disconcerting thing about this vulnerability is that it’s left Windows PCs vulnerable to attacks for the past 20 years. A successful exploit of the flaw can spoof connections over NetBIOS that allows computers to communicate with one another over a local area network. Essentially, the hacker could route traffic on a user’s Windows PC to their own. Forbes explains further: “Not only could the hacker spy on non-encrypted traffic, they could intercept and tamper with Windows Update downloads. And they could inject further attacks in web pages visited by the victim. For instance, they could ensure that the “tunnel” between the target and the hacker would remain open by inserting code into web pages cached by the browser.”

But, fear not - a patch for BadTunnel was issued in Microsoft’s June 14th Patch Tuesday. However, not all businesses automatically deploy patches and updates, so communicate with your IT department to ensure that your business is protected from BadTunnel. If you ignore this vulnerability, there’s a chance that your Windows PCs could be monitored and controlled remotely by malicious entities. You can view the official Microsoft security bulletin here.

Yu believes this vulnerability to be the first of its kind, and it’s understood that Windows users should update as soon as possible. Yet, some users, like those who have Windows XP (still), will be out of luck. In these circumstances, researchers have recommended disabling NetBIOS over TCP/IP. However, it might just be easier, and more secure, to just upgrade to a supported operating system. Whatever you decide to do, Direct Technology Group has your back.

Yu plans to discuss the finer details of BadTunnel later this month at the 2016 BlackHat Conference in Las Vegas, July 30th through August 4th.

For more technology news and security tips, reach out to Direct Technology Group at (954) 739-4700.

Tip of the Week: 5 Easy Ways to Move Several Files...
How Your Business Can Take Advantage of These 4 Mo...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Blog Archive

2014
January
February
March
April
May
June
July
August
September
October
November

Mobile? Grab this Article

QR Code
Request a Consultation

Direct Technology Group strives to provide the best comprehensive IT, Computer, and Networking services to small businesses. We can handle all of your organization's technology challenges.

Contact Us
Contact Us

Learn more about what Direct Technology Group can do for your business.

1358 W Newport Center Dr
Deerfield Beach, Florida 33442

Call us: (954) 739-4700

News & Updates
Direct Technology Group is proud to announce the launch of our new website at www.directtechnologygroup.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...