A vulnerability has been uncovered in all Windows systems – one that’s described as “probably the widest impact in the history of Windows.” Coined BadTunnel, the vulnerability could provide attackers a route directly past the defenses of a system to set up a man-in-the-middle style attack.
Security researcher Yang Yu of Tencent’s Xuanwu Lab, discovered the vulnerability, earning a $50,000 reward and allowing Microsoft to release a fix in their security bulletin MS16-077.
While Yu has largely remained mum on the details of BadTunnel, he plans to share more on the topic during the 2016 BlackHat Conference in Las Vegas, July 30-August 4.
While little is known about this vulnerability, it has apparently been darkening the doors of Windows users for quite some time, as all versions released during the past 20 years have been affected. Scarier still, the attack doesn’t discriminate between programs or their versions, featuring “compatibility” with all versions of Internet Explorer, Microsoft Office, Edge, numerous third-party softwares, Web servers, and USB drives.
We will keep tabs on this story as it develops and keep you updated as more information becomes available. Keep reading the Setton Consulting blog for more security news and announcements.