20 years later, Microsoft finally fixes the BadTunnel vulnerability in Windows, including Windows 10

  

Computer shop news: A serious vulnerability has been exposed in Windows! In the June security update released yesterday, Microsoft fixed a high-risk vulnerability that affects every version of the operating system from Windows 95 to Windows 10. The vulnerability was discovered by Tencent Xuanwu Lab and named BadTunnel.

BadTunnel is probably the most widely exploited vulnerability in Windows history. In particular, users of systems for which Microsoft no longer provides security support (such as Windows XP) may face the risk of being secretly monitored. The BadTunnel vulnerability stems from the original design of Windows, which lets an attack run almost perfectly silently. When a victim clicks on a network connection or inserts a USB device, the hacker can hijack all of the user's network usage and become the "big brother" of the user's computer. To make matters worse, the attack cannot be detected even when security software has active defense enabled.

The researchers who discovered the vulnerability said that hackers can compromise users' computers through the Edge browser on Windows 10, Internet Explorer, Office, third-party software running on Windows, and even web servers and removable devices such as USB sticks.

So how does the vulnerability work? According to the description, BadTunnel derives from a flaw in the WPAD (Web Proxy Auto Discovery) protocol. The vulnerability could allow elevation of privilege when the WPAD protocol falls back to a vulnerable proxy discovery process on the target system. The researchers said exploiting the vulnerability requires a forged NetBIOS connection; NetBIOS is what allows different devices to communicate over the LAN. Attackers do not need to be on the same network as the target, and they do not need to worry about firewalls and NAT devices. This is because, by default, Windows trusts network connections from any IP. A hacker can guess the correct identifier of a network device and so establish a trusted interaction in the network. This means that the hacker can redirect all of the target user's communications to the hacker's own computer.

Simply put, hackers can disguise their computers as network devices, such as local print servers or file servers. Hackers can not only monitor unencrypted traffic, but also intercept and tamper with Windows Update downloads.

Hackers can also take advantage of web pages that have been compromised to perform further attacks. For example, by adding code to the web cache, the hacker can ensure that the "tunnel" between the target user and the hacker is kept open. The researchers say this is perhaps the first time in history that a vulnerability can cross devices such as network firewalls and NATs, allowing hackers to attack intranet devices over the Internet.

Microsoft has pushed security updates to users, but it is important to note that users need to install both MS16-063 and MS16-077 to fully fix the vulnerability. For systems that Microsoft no longer supports, such as Windows XP, the easiest way to avoid this vulnerability is to disable the NetBIOS protocol. Microsoft has also published a technical guide on the TechNet website to help users manually change operating system settings to avoid the threat posed by this vulnerability.

We are now in the era of the mobile Internet, and information security has become a problem that no user can ignore. While giants such as Microsoft continue to improve the security of their products, users should keep their operating systems and software up to date to avoid various types of security threats.
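For the NetBIOS mitigation mentioned above, the following PowerShell script is an added example (not from Microsoft's guide or the original article) that reports the NetBIOS over TCP/IP setting of every IP-enabled adapter and, when run elevated with the `-Disable` switch, turns it off. The `-Disable` switch name is chosen for this example; `Get-WmiObject` is used so the script also runs on Windows PowerShell 2.0.

```powershell
# Added example: audit (and optionally disable) NetBIOS over TCP/IP per adapter.
# Run from an elevated prompt when using -Disable.
param(
    [switch]$Disable   # switch name is an assumption made for this example
)

# Meaning of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$meaning = @{
    0 = 'Default (setting taken from DHCP)'
    1 = 'Enabled'
    2 = 'Disabled'
}

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                          -Filter 'IPEnabled = TRUE'

$report = foreach ($a in $adapters) {
    if ($null -eq $a.TcpipNetbiosOptions) {
        $state = 'Unknown'
    } else {
        $state = $meaning[[int]$a.TcpipNetbiosOptions]
    }
    $action = 'none'

    # Only "Disabled" (2) removes NetBIOS name resolution from the adapter;
    # "Default" can still leave it enabled, so treat it as exposed.
    if ($Disable -and $a.TcpipNetbiosOptions -ne 2) {
        $rc = $a.SetTcpipNetbios(2).ReturnValue
        switch ($rc) {
            0       { $action = 'disabled';                 $state = $meaning[2] }
            1       { $action = 'disabled, reboot needed';  $state = $meaning[2] }
            default { $action = "failed (WMI return code $rc)" }
        }
    }

    New-Object PSObject -Property @{
        Adapter = $a.Description
        Index   = $a.Index
        NetBIOS = $state
        Action  = $action
    }
}

$report | Select-Object Index, Adapter, NetBIOS, Action | Format-Table -AutoSize

# Non-zero exit code if any adapter still has NetBIOS available, for use in audits.
$exposed = @($report | Where-Object { $_.NetBIOS -ne $meaning[2] })
if ($exposed.Count -gt 0) { exit 1 } else { exit 0 }
```

Adapters that receive their NetBIOS setting from DHCP are reported as exposed, because the DHCP server can still enable it.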
