A security researcher has uncovered a serious vulnerability that affects every version of Microsoft’s Windows operating system from Windows 95 to Windows 10. The vulnerability could give attackers a way to set up man-in-the-middle attacks against victims by getting them to click on a link, open a Microsoft Office document or plug in a USB drive.

In an interview with Dark Reading, Yang Yu, who earned a whopping $50,000 bug bounty for the discovery he’s nicknamed BadTunnel, described the impact in grandiose terms:

This vulnerability has a massive security impact – probably the widest impact in the history of Windows.

Microsoft released a fix for the vulnerability on Tuesday in security bulletin MS16-077. Users of unsupported Windows versions such as Windows XP should disable NetBIOS over TCP/IP.

Original article is by Mark Stockley and you can read the rest here.

Categories: Tech Talk