BadTunnel: a vulnerability all Windows users need to patch

WINDOWS CUCKS BTFO

A security researcher has uncovered a serious vulnerability that affects every version of Microsoft’s Windows operating system from Windows 95 to Windows 10.

The vulnerability could give attackers a way to set up man-in-the-middle attacks against victims by getting them to click on a link, open a Microsoft Office document or plug in a USB drive.

In an interview with Dark Reading, Yang Yu, who earned a whopping $50,000 bug bounty for the discovery he’s nicknamed BadTunnel, described the impact in grandiose terms:

Microsoft released a fix for the vulnerability on Tuesday in security bulletin MS16-077. Users of unsupported Windows versions such as Windows XP should disable NetBIOS over TCP/IP.

The nuts and bolts of how the vulnerability works haven’t been revealed but it has been described as a technique for NetBIOS-spoofing across networks that bypasses firewalls and NAT (Network Address Translation) devices.

In other words, it can expose you to attackers who aren’t on your network, and your firewalls won’t save you, unless you block UDP on port 137 between your network and the internet.

According to Yu, it relies on a chain of elements including “a transport layer protocol, an application layer protocol, a few specific usage of application protocol by the operating system, and several protocol implementations used by firewalls and NAT devices.”

Microsoft’s bulletin appears to break the final link in the chain by fixing a vulnerability in WPAD (Web Proxy Autodiscovery Protocol) that was first reported in 2007.

WPAD is a way for computers to discover web browser configuration files automatically by searching specific addresses on a computer’s local network. An attacker who could find a way to occupy one of those addresses, or to change the addresses being searched, could supply their own configuration files and instruct the victim’s browser to route traffic through a man-in-the-middle attack.

Until BadTunnel, the attacker had to gain access to a victim’s network (or rely on opportunistic domain name collisions) which made it a difficult trick to pull off.

Yu plans to reveal the full gory details of BadTunnel in a presentation at the upcoming BlackHat conference.

nakedsecurity.sophos.com/2016/06/16/badtunnel-a-vulnerability-all-windows-users-need-to-patch/
archive.is/vZZjo
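
The mitigation quoted above (no UDP 137 between your network and the internet) can be verified against firewall flow logs. This is an added example, not part of the original post or the linked article; the log format, the sample records and the choice of the RFC 1918 blocks as "internal" are assumptions.

```python
import ipaddress

# Assumption: the site's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NBNS_PORT = 137  # NetBIOS Name Service

# Constructed sample flow records: time src sport dst dport proto action
SAMPLE_LOG = """\
2016-06-16T10:00:01 192.168.1.20 137 192.168.1.255 137 udp allow
2016-06-16T10:00:05 192.168.1.20 137 203.0.113.7 137 udp allow
2016-06-16T10:00:06 203.0.113.7 137 192.168.1.20 137 udp allow
2016-06-16T10:00:09 192.168.1.31 51512 198.51.100.9 443 tcp allow
2016-06-16T10:00:12 10.0.4.8 137 198.51.100.23 137 udp deny
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def perimeter_nbns(lines):
    """Return (time, internal_host, external_host, direction, action) for
    every UDP/137 record that crosses the internal/external boundary."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 7:
            continue  # skip records that do not match the assumed format
        ts, src, sport, dst, dport, proto, action = parts
        try:
            src_in, dst_in = is_internal(src), is_internal(dst)
            ports = (int(sport), int(dport))
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "udp" or NBNS_PORT not in ports:
            continue
        if src_in == dst_in:
            continue  # LAN-only broadcast/query, or wholly external
        if src_in:
            hits.append((ts, src, dst, "outbound", action))
        else:
            hits.append((ts, dst, src, "inbound", action))
    return hits

def exposed_hosts(hits):
    """Internal hosts whose perimeter NBNS traffic was allowed through."""
    return sorted({h[1] for h in hits if h[4] == "allow"})
```

Calling `exposed_hosts(perimeter_nbns(SAMPLE_LOG.splitlines()))` lists the internal machines whose NetBIOS name traffic is still passing the perimeter and therefore need the block rule or NetBIOS over TCP/IP disabled.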

So does that mean when a serious vulnerability is found and fixed on Linux that LINCUCKS BTFO?

Butthurt wincuck detected. First of all, anyone that uses Windows that isn't retarded should have Microsoft update completely disabled to avoid the Windows 10 botnet which means a lot of people are still vulnerable to this. Second every time any random application on Linux has a vulnerability, not even the kernel FUCKING ANYTHING, it gets named and shilled as the death of Linux in the media for days, weeks, months, and even years. Stay triggered wincuck

Tell us when you find a 10 year old bug that lets you MITM systems running the Linux kernel.
by the way, microsoft representative, we don't use the subject field in replies usually.

Welcome to being retarded. Even if the update service is disabled you can still download the patch manually and install it. You can even disconnect the internet if you're that paranoid.

Well, maybe it's because you do this kind of shit and perpetuate the cycle? But don't let logic get in the way of you saying shit you know nothing about.

Should I start calling you Stallman? Since apparently if you apply basic logic to things you're somehow a representative for it?

Which is the purpose of this article you absolute fucking mong. People are vulnerable to this unless they know it's happening, retard.

kek, who would actually defend microsoft corporation in this situation besides a paid shill? get fucked in the ass you cunt.

Except it's plastered all over techcrunch and is a patch in the database so if you're not a child incapable of research you'd find it easily.

Christ would you blow your brains out already? Someone as stupid as you should threaten the entire gene pool of the human race.

You are the one that needs to blow your brains out, m8.

I don't know if you're "trolling" or what, but being retarded only makes you look retarded. Nothing more nothing less.


Careful, someone might mistake you for an actual person and not an SJW.

None of your replies make sense mister. Here's a tip: posting convincingly in an imageboard takes more than bluntly calling everyone a retard, despite what your corporate training manual says.

I wish I could post that picture of the guy calling someone retarded and then them pretending to be a troll. Unfortunately I use Tor so I can't. Rest assured that I don't need to actually post more than I already have to convince anyone else that you're retarded.

wew

You know, from now on I'm going to assume all freetards are one hive mind. It'll make it easier to argue with you lot when this kind of shit happens.

...

I bet the GNU OS has no such vulnerabilities whatsoever OH WAIT, what is Shellshock?

Jesus fuck Freetards really are cancer

Disclaimer; I'm not the other guy, and I'm posting from my Fedora rig

Tell us when you find a 15 year old bug that allows you to infiltrate networks and MITM any windows computer.

I'm sorry Richard, I can't hear you over the sound of not being autistic.

How do you "bypass" NAT?

Because apparently attempting to resolve the NetBIOS of a machine outside of your LAN is a thing.

Pretty sure there's at least three times the known vulnerability for linux than windows.

I count 5865 only the reported ones :^) for Windows, versus 1439 for Linux.

I use Debian and CentOS and I must say your behavior is overboard even by Holla Forums standards

Go back to reddit

can we have the sauce of the screenshot ?
please

You can't make this shit up, this unimaginable beyond botnet. Good luck on getting your security patch without getting updated to windows botnet 10 fags.

hang yourself faggot

cvedetails.com/product-list/product_type-/vendor_id-26/firstchar-W/page-2/products.html?sha=4fceb200560c0afe603e8124963913224e72eed0&trc=93&order=4
cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

I think you'll find that everybody installed windows 10 and maintain a strict regimen of official updates: there's nothing a windows user loves more than updates and paid major revisions and there's millions of youtube videos of people pleased that their computer has notified them of more of them.

The fallout from this full disclosure will be minimal.

don't pretend like you don't run apt-get update && apt-get upgrade or dnf update every now and then m8

Linux Mint
Zorin OS

But we are user. We share the same philosophy and interests when it comes to technology, our opinions are thus fairly similar.

No, I mean hive mind in the sense you are all the same person, Stallman.

And you shouldn't be proud or content with being a hive mind.

How much?

Microsoft is today closing off a vulnerability that one Chinese researcher claims has “probably the widest impact in the history of Windows.” Every version of the Microsoft operating system going back to Windows 95 is affected, leaving anyone still running unsupported operating systems, such as XP, in danger of being surreptitiously surveilled.

Thank you Windows
My money paid to u has been put to good use

Keep up the good work

Yang is no stranger to writing Microsoft exploits. He has twice before won Microsoft’s Mitigation Bypass bounty worth $145,000; for this bug he was awarded $50,000.

Cheap chink spies should have hired this guy to use against The opposition

Is that like a shill meme?

not him user but do you remember the linux that looks like windows 98?

...

I don't see that
are you running a script that gives him an ID?

I am not convinced

not who you are responding to but I can tell you he is sufficiently right

Nothing to see here, goyim. Just take your updates like a good goy. You will enjoy Windows 10, it is only free until July 29th you know.

Summer sure is here.

Absolutely nothing.

He's probably a vol.

He takes his job very seriously.

...

Kill your self.

No it doesn't, you're being delusional because nobody wants a patch that comes with wangblows10 update. Enjoy on getting bad tunnel botnet by some random haxxor.

How do you do fellow GNU/Lignux users! Where can I find the list of dank mee mees on this great web app we are utilizing concurrently?

Butthurt Windows shill pls go

>>>/reddit/ may better suit your taste for botnets

Fucking whitehats.

Linux is just the kernel. There are many exploits missing if you leave out all of the other software that is part of GNU/Linux. For example, Shellshock wouldn't be part of this list, since it's bash.

On the microsoft list you even included things like Word, or the mobile operating system.

A fair comparison would be Windows XP (726 CVEs) vs Linux (1415 CVEs) + GNU Coreutils (?? CVEs) + SystemD (?? CVEs) + ..

and so on.

why do you fucking retards keep capitalizing it
it's systemd
system daemon
unix/linux does not capitalize daemons

for fucks sake

and also, that wouldn't be accurate because we're comparing windows as a whole to linux and userspace
it'd require an in-depth study of unique CVEs for windows versions, as well as concerning all of them

and the only studies usually done are bought and paid for by microsoft

fact is, windows has had the most serious vulnerabilities. and it's even hard to judge that list because most serious CVEs don't even concern shit like windows server beyond their recommended configuration, which is impossible to adhere to in a practical way btw.

The numbers are right there. Windows XP has 726 unique CVEs, vulnerabilities that affect Windows XP.

So? That's what matters bottom line.

These are individual, reported and known vulnerabilities

A vulnerability is a vulnerability, what does serious mean in this context? Possible damage in USD? Linux is used on almost every server in the world. Ease of use for the exploit to a given vulnerability?

Security vulnerabilities in Office do matter, that's how many of the ransomware trojans are implemented. By contrast sending a malformed .doc to a Linux user is useless because you don't know which program they're going to view it with.

Monoculture is a security vulnerability.

Software doesn't ship with the operating system, so it's not part of it, simple as that. By that logic you'd have to add LibreOffice, the most widespread Linux browser and so on to the list as well.

As far as normies are concerned, Windows and Office are both things that shipped with their computer. Your distinction doesn't matter irl.

CRITICAL CVEs