BadTunnel Security Flaw Affected All Windows Versions For 20 Years

A Chinese security researcher has uncovered a serious vulnerability in all versions of the Windows operating system, from Windows 95 to Windows 10, meaning users have been vulnerable for more than 20 years.

The good news is that Microsoft has already fixed the flaw in its latest Patch Tuesday security update, allowing Yang Yu, the founder of Tencent’s Xuanwu Lab, to reveal details of what has been named ‘BadTunnel’ in an interview with Dark Reading.

BadTunnel Flaw

The bug is extremely serious as it affects all versions of Microsoft Windows, right from Windows 95 through to Windows 10. The seriousness of the bug meant that Yu reportedly earned Microsoft’s top bug bounty reward of $50,000 (£35.063).

“This vulnerability has a massive security impact – probably the widest impact in the history of Windows,” Yu is quoted as saying. “It not only can be exploited through many different channels, but also exists in all Windows versions released during the past 20 years. It can be exploited silently with a near perfect success rate.”

But what exactly is the BadTunnel? Well it is not a piece of malware. Rather it is a technique for NetBIOS-spoofing across networks due to bad coding within Windows. It allows the attacker to gain access to network traffic without being on the victim’s network. It also bypasses firewall and Network Address Translation (NAT) devices, and the flaw can allow any any program to run.

“This vulnerability is caused by a series of seemingly correct implementations, which includes a transport layer protocol, an application layer protocol, a few specific usage of application protocol by the operating system, and several protocol implementations used by firewalls and NAT devices,” Yu reportedly said.

Network Hijack

The way it works is the attacker gets the victim to visit a booby trapped web page using with Microsoft Edge or Internet Explorer. Or the victim could install a malicious flash drive or open a rigged Office document.

According to Dark Reading, the attacker’s site appears as either a file server or a local print server, and hijacks the victim’s network traffic – HTTP, Windows Updates, and even Certificated Revocation List updates via Microsoft’s CryptoAPI.

Essentially, BadTunnel exploits a series of security weaknesses, including how Windows resolves network names and accepts responses. When all of these flaws are taken together, it makes the network vulnerable to a BadTunnel attack.

Yu reportedly began uncovering the flaw during a flight last year. He was bored and began to imagine new attack scenarios, and once on the ground began testing his theory on different system configurations, and finally discovered this vulnerability in the Windows operating system.

He reported his finding to Microsoft in January, but has not come across any attacks of this nature in the wild.

The flaw was addressed this week by Microsoft in security bulletin MS16-077.

What do you know about Windows 10? Try our quiz?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

11 hours ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

13 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

15 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

1 day ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

1 day ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

1 day ago