SoylentNews

An Anonymous Coward writes:

Thomas Fox-Brewster, Forbes Staff | Jun 14, 2016 @01:00 PM

"Microsoft is today closing off a vulnerability that one Chinese researcher claims has "probably the widest impact in the history of Windows." Every version of the Microsoft operating system going back to Windows 95 is affected, leaving anyone still running unsupported operating systems, such as XP, in danger of being surreptitiously surveilled.

According to Yang Yu, founder of Tencent;s Xuanwu Lab, the bug can be exploited silently with a "near-perfect success rate", as the problems lie in the design of Windows. The ultimate impact? An attacker can hijack all a target;s web use, granting the hacker "Big Brother power", as soon as the victim opens a link or plugs in a USB stick, claimed Yu. He received $50,000 from Microsoft;s bug bounty program for uncovering the weakness, which the researcher has dubbed BadTunnel. Microsoft issued a fix today in its Patch Tuesday list of updates.

"Even security software equipped with active defense mechanisms are not able to detect the attack," Yu told FORBES. "Of course it is capable of execute malicious code on the target system if required.""

Complete Story:

http://www.forbes.com/sites/thomasbrewster/2016/06/14/microsoft-badtunnel-big-brother-windows-vulnerability/ [forbes.com]
(Archived) https://archive.is/6My6c [archive.is]

Original Submission