
Posted by BadTunnel on June Wed 15th 3:14 AM - Never Expires - Views: 5444

'BadTunnel' Bugs Left Every Microsoft Windows PC Vulnerable For 20 Years

- Thomas Fox-Brewster, Forbes Staff | Jun 14, 2016 @ 01:00 PM
- Copyright Forbes.com | ARCHIVED/FAIR USE: Educational

"Microsoft is today closing off a vulnerability that one Chinese researcher claims has "probably the widest impact in the history of Windows." Every version of the Microsoft operating system going back to Windows 95 is affected, leaving anyone still running unsupported operating systems, such as XP, in danger of being surreptitiously surveilled.

According to Yang Yu, founder of Tencent's Xuanwu Lab, the bug can be exploited silently with a "near-perfect success rate", as the problems lie in the design of Windows. The ultimate impact? An attacker can hijack all of a target's web use, granting the hacker "Big Brother power", as soon as the victim opens a link or plugs in a USB stick, claimed Yu. He received $50,000 from Microsoft's bug bounty program for uncovering the weakness, which the researcher has dubbed BadTunnel. Microsoft issued a fix today in its Patch Tuesday list of updates.

"Even security software equipped with active defense mechanisms is not able to detect the attack," Yu told FORBES. "Of course it is capable of executing malicious code on the target system if required."

Yu, who is one of only three recipients ever of a Microsoft bounty of more than $100,000, said there are myriad ways a hacker could exploit the flaw. "This vulnerability can be exploited through Edge, Internet Explorer, Microsoft Office and many other third-party software on Windows," Yu added. "It can also be exploited through web servers or even through thumb drives: insert the thumb drive into one of the ports on the system and the exploitation is complete."

= How the attack works

Yu said a successful exploit of the flaw would spoof connections over NetBIOS, a tool originally developed by IBM that allows software on different computers to communicate with one another over a local area network (LAN). Though the attack would take place over NetBIOS, it does not require that the attacker resides in the same network. The attack can even succeed when there are firewall and NAT devices in between, as Windows trusts connections from any IP address, according to Yu. He found it was possible to guess the right identifier for a network device (known as a transaction id) and therefore set up trusted interactions across the network. That meant it was possible to redirect the target's traffic to his own PC.

This was possible as an attacker could make it seem like their machine was a network device, such as a local printer server or file server. Not only can the hacker spy on non-encrypted traffic, they could intercept and tamper with Windows Update downloads. And they could inject further attacks into webpages visited by the victim. For instance, they could ensure that the "tunnel" between the target and the hacker would remain open by inserting code into webpages cached by the browser.
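As an added defender's example (not code from the article, from Forbes, or from Xuanwu Lab): a small Python parser for NetBIOS name-service (UDP/137) packets, run over constructed sample traffic, that flags name replies arriving from outside the LAN or answering a transaction id no local host actually queried, which is what a guessed-id spoof of the kind described above looks like on the wire. The address ranges and sample hosts are assumptions for the example.

```python
import ipaddress
import struct
NBNS_PORT = 137
# Assumption for this example: the segment only uses RFC 1918 space; anything else is "internet".
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def encode_nb_name(name: str, suffix: int = 0x20) -> bytes:
    """NetBIOS first-level encoding: 15-char space-padded name + suffix byte, each nibble + 'A'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

def decode_nb_name(encoded: bytes) -> str:
    """Inverse of encode_nb_name; drops the suffix byte and the space padding."""
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip()

def build_nbns(txid: int, name: str, response: bool) -> bytes:
    """Minimal NBNS packet: 12-byte header, then one name (0x20 length byte, 32 bytes, 0x00)."""
    flags = 0x8500 if response else 0x0110        # response/authoritative vs broadcast query
    header = struct.pack("!HHHHHH", txid, flags, 0 if response else 1, 1 if response else 0, 0, 0)
    return header + b"\x20" + encode_nb_name(name) + b"\x00"

def parse_nbns(payload: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if payload[12] != 0x20:
        raise ValueError("unexpected NetBIOS name length")
    return {"txid": txid, "is_response": bool(flags & 0x8000), "name": decode_nb_name(payload[13:45]), "ancount": an}

def suspicious_responses(packets, pending_txids):
    """packets: (src_ip, src_port, payload); pending_txids: ids of queries this host really sent.
    A reply from outside the LAN, or to an id nobody asked about, is the shape of a guessed-id spoof."""
    alerts = []
    for src_ip, src_port, payload in packets:
        if src_port != NBNS_PORT:
            continue
        pkt = parse_nbns(payload)
        if not pkt["is_response"]:
            continue
        reasons = []
        if not any(ipaddress.ip_address(src_ip) in net for net in LAN_NETWORKS):
            reasons.append("reply from non-LAN address")
        if pkt["txid"] not in pending_txids:
            reasons.append("reply to unknown transaction id")
        if reasons:
            alerts.append((src_ip, pkt["name"], pkt["txid"], reasons))
    return alerts

# Constructed traffic: a genuine LAN reply, the same id replayed from an internet address, an unsolicited LAN reply, and a plain query.
SAMPLE = [
    ("192.168.1.20", 137, build_nbns(0x1234, "FILESRV", True)),
    ("203.0.113.5", 137, build_nbns(0x1234, "FILESRV", True)),
    ("192.168.1.77", 137, build_nbns(0x9999, "PRINTER", True)),
    ("192.168.1.5", 137, build_nbns(0x4321, "FILESRV", False)),
]
```

Running `suspicious_responses(SAMPLE, {0x1234})` flags only the internet-sourced reply and the unsolicited one; a real sensor would feed it decoded UDP/137 payloads from a capture.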

Yu believes his findings are the first of their kind. "This is probably the very first time in the history to successfully hijack the broadcast protocol within local area network from the internet," he added. "This is probably the very first time in the history to successfully create a tunnel to pass through firewall and network address translation (NAT) devices, and attack intranet devices directly from the internet."

Ollie Whitehouse, technical director at cyber security and risk mitigation specialist NCC Group, suggested the weaknesses would be difficult to exploit due to the need to "chain" different vulnerabilities. But Yu claimed that as long as the hacker understood the principles of the attack chain, they could write an exploit in just 20 minutes.

Users running supported Windows versions should update as soon as they can. For those running unsupported versions of Windows, such as XP, the researcher recommended disabling NetBIOS over TCP/IP. Microsoft has step-by-step guidance for just that on its TechNet site. Blocking outbound connections over the NetBIOS port 137 would have a similar effect.

Yu is due to present his findings at the Black Hat conference in Las Vegas this August."

= Complete Story:

http://www.forbes.com/sites/thomasbrewster/2016/06/14/microsoft-badtunnel-big-brother-windows-vulnerability/
(Archived) https://archive.is/6My6c

==============

= Links in article:

http://www.forbes.com/companies/microsoft
https://technet.microsoft.com/en-us/library/security/ms16-077.aspx
https://technet.microsoft.com/en-us/security/dn469163.aspx
https://www.microsoft.com/en-us/windows/microsoft-edge
https://en.wikipedia.org/wiki/NetBIOS
http://www.forbes.com/companies/ibm
http://www.forbes.com/companies/ncc-group
https://technet.microsoft.com/en-us/library/cc940063.aspx
https://www.blackhat.com/us-16/briefings.html#badtunnel-how-do-i-get-big-brother-power

==============

= Some details from "blackhat.com" link above:

"BadTunnel: How Do I Get Big Brother Power?

This presentation will introduce a new threat model. Based on this threat model, we found a flaw in the Windows system. It affects all Windows released in the last two decades, including Windows 10. It also has a very wide attack surface. The attack can be performed on all versions of Internet Explorer, Edge, Microsoft Office, many third-party software, USB flash drives, and even Web servers. When this flaw is triggered, YOU ARE BEING WATCHED.

We will also show you how to defend against this threat, particularly on those systems that are no longer supported by Microsoft."

- https://www.blackhat.com/us-16/briefings.html#badtunnel-how-do-i-get-big-brother-power

- Presented by: Yang Yu
https://www.blackhat.com/us-16/speakers/Yang-Yu.html

==============