BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions (softpedia.com)
An anonymous reader writes: Microsoft has just patched a vulnerability that affects all Windows versions ever released. Called BadTunnel, the security flaw allows attackers to pass as a WPAD or ISATAP server and intercept all network traffic. Exploitation is trivial and firewalls are natively designed to open the port through which the attack is carried out. BadTunnel can be triggered whenever the user clicks URI or UNC links/paths in Office files, IE, Edge, or other applications that support the URI/UNC scheme (and most do). Additionally, an attacker can carry out his attack from the other side of the world, and does not need to have a foothold on the victim's network. While recent Windows OS versions received patches, exploitation points remain open for non-supported Windows operating systems such as XP, Windows Server 2003, and others. For these operating systems, and for those that can't be updated just yet, system administrators should disable NetBIOS.
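One way to apply the "disable NetBIOS" mitigation from the summary above, as an added example that is not part of the original story or of Microsoft's guidance. It assumes Windows PowerShell 2.0 or later with WMI available and an elevated session; the `-Apply` switch is a name chosen for this script, and without it the script only reports.

```powershell
# Added example: audit, and optionally disable, NetBIOS over TCP/IP on every
# IP-enabled adapter. Uses Get-WmiObject so it also runs on Windows PowerShell 2.0.
param([switch]$Apply)   # hypothetical switch name; omit it for a report-only run

# Values of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$meaning = @{ 0 = 'Default (taken from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($adapter in $adapters) {
    $before = [int]$adapter.TcpipNetbiosOptions
    $result = 'not changed (audit only)'

    if ($before -eq 2) {
        $result = 'already disabled'
    }
    elseif ($Apply) {
        # SetTcpipNetbios(2) disables NetBIOS over TCP/IP for this adapter.
        # ReturnValue 0 = success, 1 = success but a reboot is required.
        $rc = $adapter.SetTcpipNetbios(2).ReturnValue
        switch ($rc) {
            0       { $result = 'disabled' }
            1       { $result = 'disabled, reboot required' }
            default { $result = "failed, WMI return value $rc" }
        }
    }

    # One report row per adapter so the output can be exported or reviewed.
    New-Object PSObject -Property @{
        Adapter = $adapter.Description
        Before  = $meaning[$before]
        Result  = $result
    } | Select-Object Adapter, Before, Result
}
```

An adapter left at the default value takes its NetBIOS setting from DHCP, so it is treated here as not yet disabled.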
At worst, it could have been exploited by a system on the same LAN, as IPX/SPX was very frame-size and frame-order dependent, rendering it effectively useless as a WAN protocol.
Additionally, read up on how the vulnerability functions. I had to read up on it a bit more than I already had in order to write this reply, but here's a summary: The attack involved convincing a Windows machine, via a flaw in NetBIOS over TCP/IP, that the attacking machine is a valid WPAD or ISATAP server. ISATAP is an IPv6 transition mechanism so we can rule that out as a WFW attack vector. WPAD hadn't been created by Netscape yet in 1993 when WFW was released (it was developed in 1996 as part of Netscape Navigator 2.0), so that's ruled out as well.
Looks like WFW was safe.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.