BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions (softpedia.com)
An anonymous reader writes: Microsoft has just patched a vulnerability that affects all Windows versions ever released. Called BadTunnel, the security flaw allows attackers to pass as a WPAD or ISATAP server and intercept all network traffic. Exploitation is trivial and firewalls are natively designed to open the port through which the attack is carried out. BadTunnel can be triggered whenever the user clicks URI or UNC links/paths in Office files, IE, Edge, or other applications that support the URI/VNC scheme (and most do). Additionally, an attacker can carry out his attack from the other side of the world, and does not need to have a foothold on the victim's network. While recent Windows OS versions received patches, exploitation points remain open for non-supported Windows operating systems such as XP, Windows Server 2003, and others. For these operating systems, and for those that can't be updated just yet, system administrators should disable NetBIOS.
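The "disable NetBIOS" mitigation from the summary, sketched as an added example that is not part of the original post and not Microsoft's own tooling. It assumes Windows PowerShell 2.0 to 5.1 (for `Get-WmiObject`) and an elevated prompt when changing settings; the `-Disable` switch is this example's own parameter.

```powershell
# Added example: audit NetBIOS over TCP/IP on every IP-enabled adapter and,
# when run with -Disable, turn it off. Without -Disable it only reports.
param([switch]$Disable)

# Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions:
#   0 = take the setting from DHCP (NetBIOS stays on unless DHCP turns it off)
#   1 = enabled
#   2 = disabled
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($adapter in $adapters) {
    $state = switch ($adapter.TcpipNetbiosOptions) {
        0       { 'default (DHCP decides)' }
        1       { 'enabled' }
        2       { 'disabled' }
        default { 'unknown' }
    }
    Write-Output ("{0}: NetBIOS over TCP/IP is {1}" -f $adapter.Description, $state)

    # Anything other than an explicit "disabled" is treated as still exposed.
    if ($Disable -and $adapter.TcpipNetbiosOptions -ne 2) {
        $result = $adapter.SetTcpipNetbios(2)
        if ($result.ReturnValue -eq 0) {
            Write-Output "  -> disabled"
        } elseif ($result.ReturnValue -eq 1) {
            Write-Output "  -> disabled, reboot required"
        } else {
            Write-Warning ("  -> SetTcpipNetbios failed with code {0}" -f $result.ReturnValue)
        }
    }
}
```

The setting is per adapter, so rerun the report after adding a network interface or VPN client.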
16 bit software will save the day again.
just upgrade to Win 10 and everything will be ok.
let go of your old OS and let MS set you free.
for a limited time only.
I wonder if this had been known and maybe even disclosed by Microsoft to the NSA, especially since it's all known windows versions.
Wow! And to think, Windows 1.0, 2.0 and 3.0 didn't have any networking support! Yet they somehow have bugs that allow diverting network traffic that they don't and can't generate!
Windows 3.11 was the first to include networking, and I'm going to bet it wasn't affected, either.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
For the life of me I can't figure out why all of these tunneling/transition protocols are enabled by default in Windows. Who uses automatic IPv6 transition schemes in 2016? They certainly are not now nor have they ever been sufficiently reliable for production use and TTL for IPv6 amateur hour has long since expired. Why is this worth the massive security headaches these things invite?
Have a script that I run on any new windows boxes. Part of it does the following.
netsh interface teredo set state disabled
netsh interface isatap set state disabled
netsh interface 6to4 set state disabled
I'm honestly perplexed and dumbfounded why Microsoft is (still) doing this.
I'm sorry but I'm done with Microsoft patches. If hackers want to watch me play CS:GO or post on slashdot they're welcome to do it, but I won't risk Microsoft's definite installation of spyware.
Seven puppies were harmed during the making of this post.
I tend to use a philosophy of "less is more"
That's why you have a multi megabyte host file right?
Also. Bing? Really?
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
Yes, and if you're interested in being approached for interesting jobs, once the LinkedIn acquisition is complete, Microsoft will probably punish anyone not running Windows 10 by burying their names in search results. Get with the program - NOW!
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
I'm assuming that's a typo in the summary, that "URI/VNC" should read "URI/UNC".
firewalls are natively designed to open the port
My firewalls don't open any ports without me saying so.
Do some Googling for the make and model of your modem, and of the router if it's a separate piece of equipment. There are exploits going around for some CPE, cable modems in particular, that allow a remote attacker to change the configured name servers among other things. If rebooting the modem or router fixed the problem, it's more likely that's what was compromised, not a NetBIOS tunnel in Windows.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
just upgrade to Win 10 and everything will be ok. let go of your old OS and let MS set you free.
for a limited time only.
Why would I want to install Windows 10 when my perfectly good Fedora 23 distro works perfectly?
If I want to install Malware then Microsoft Windows 10 would be the way to go, after all, take a look at what Windows 10 is doing to get people to "upgrade" and what settings are on by default. Sure you can turn most of these settings to "off" but even after hacking the Registry, which most people can't do, are you quite sure you really have turned everything off?
Of course, we all really know that Big Brother^H^H^H^H^H^H^H^H^H^H^H Microsoft has our best interests at heart.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
"Firewalls won't stop the attack, because UDP is a connectionless protocol. We are using it to establish a tunnel. That is why it be named 'BadTunnel'," Yu explains.
My border firewall certainly stops this attack from outside the network since it does not allow IP protocol 41 which is used by ISATAP.
Submitter doesn't understand firewalls either:
firewalls are natively designed to open the port through which the attack is carried out
That may be true of the built-in Windows firewall, but it is not generally true for other ("real") firewalls.
Agree! I am trying to decide whether to allow Windows Update on my precious Windows 7 laptop which I finally bought for work after having been subject to Windows 8 crap (I'm trying to avoid the freshly-crapped Windows 10 with which one co-worker was saddled). Never thought I'd ever actually type the sequence of characters "precious Windows" in my lifetime, but after a lot of looking, I found a laptop Dell was selling that still had Windows 7 (Dell Vostro); it comes with a "Recovery CD-ROM" that installs Windows 8, so if my Windows 7 installation ever craps out, I'll have to be dragged screaming and kicking back into the Windows 8+ world.
As soon as I got wind of Microsoft's "We'll upgrade you to Win10 for free! Whether or not you like!" scam, I disabled Windows updates. Now I have to figure out whether I want to get Win7 updated to protect me from this vulnerability, and risk having the entire system turned into a Win10 system. :sigh:
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
it was a joke.
I'm more of a debian guy myself, but fedora is good too.
Given how many "stealth Win10 install" patches are lined up in all our "windows updates" notifications, and that plenty of people on /. and elsewhere have stated clearly they've just plain shut down all updates rather than try to weed out the crapware ones, it's pretty clear this vulnerability will remain on plenty of machines for a long time.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
NetBIOS was always a bit of a hack anyway. We shouldn't be using it anymore, period. An internal DNS is enough and easy to set up.
"Imagination is more important than knowledge" - Einstein
I tend to use a philosophy of "less is more"
Actually, less is more than more.
Just ask any csh jock.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Yeah, the next zero day to come along affecting XP will be a big deal since it is out of support and therefore the problem will never be patched. I totally agree that you are going to be more secure running Windows 7, 8, or 10 than XP.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Yeah. but hey. c'mon now. Net Bios? Anyone still even *using* it? ;-)