BadTunnel: the impact of Win95 to Win10“Super-vulnerability”with CVE-2 0 1 6-3 2 1 3-the vulnerability warning-the black bar safety net

ID MYHACK58:62201675892
Type myhack58
Reporter 佚名
Modified 2016-06-15T00:00:00


! Yesterday, Microsoft released a high-risk vulnerability patch the vulnerability by Tencent basaltic laboratory Creator to Yang Chinese circle of safety person of the TK, the leader of the Find, and named it“BadTunnel”, is currently the Windows history of the most wide-reaching vulnerabilities, from Win95 to Win10 are affected. In particular, for the Microsoft has an unsupported version such as Win XP, its users will face is the secret monitoring of risk. Therefore, Microsoft's vulnerability reward program for which the grant 5 0 0 0 0 $ bonus. In the Yang said, the vulnerability of the original design problem. When the user opens a URL, or open any Office File, PDF file or some other file format, or plug in a USB stick--does not even require the user to open U disk where anything, the attacker can complete use, its success rate is extremely high. The end result is that the attacker can hijack the entire target network, obtain the elevation of privileges. “Even if the security software on the active defense mechanism, is still unable to detect the attack. An attacker could also exploit the vulnerability in the target system to execute malicious code.” An attacker over the Edge, Internet Explorer, Microsoft Office or in Windows many third-party software to exploit the vulnerability, but also can through a network server or a thumb drive-the thumb drive inserted into the system of a port, use is complete. The attack principle The vulnerability is mainly a series of the respective individual design of the Protocol and characteristics of collaborative work. A successful exploit requires forge NetBIOS originally developed by IBM to connect, so that different software on the device via a local area network to communicate. Even if the attacker is not in the target network, you can still bypass the firewall and NAT devices by guess the correct network identifier is a Transaction ID, in the network to establish trusted interactions, the network traffic is all redirected to the attacker's computer. The attacker may be a computer disguised as a network device, such as a local printer server or file server. They can not only monitor unencrypted traffic, can also intercept and tamper with Windows Update download. In addition, can also be in the victim access the web page in the embodiment further attacks, for example, they can be passed to the browser cache of the page insert the code, so that the attacker and the target between the channel remains in the open state. Vulnerability mitigation For Microsoft supported versions of Windows, users need to upgrade as soon as possible, it is noted that the user need to combine MS16-0 6 3 and MS16-0 7 7 in order to completely fix the vulnerability. For Microsoft has an unsupported Windows versions such as XP, experts recommend to disable NetBIOSover TCP/IP, the Microsoft official has given the operation steps. Or blocking NetBIOS 1 3 7 port of the outbound connection can also play a similar effect. To Yang will be in 8 months, held at the Las Vegas hacker Conference on the publication of the vulnerability details.