Now, you have another very good reason to upgrade to Windows 10. If you refuse to do that, then at the very least, you have a very good reason to move away from versions of Windows that are no longer receiving critical security updates (Windows XP, Windows Server 2003, etc.). A devastating security flaw has been found that researchers are calling “Bad Tunnel.” Using it, hackers could hijack all network traffic on any Windows PC.
The only saving grace is that there is some social engineering required. Users have to be tricked into accessing files via links or shortcuts in various application. Relying on this to save you, however, is thin protection indeed.
Bad Tunnel exists because of the way Microsoft implemented NetBIOS protocols on every version of Windows they’ve made. In terms of practical application, a hacker could use the exploit, redirect network traffic on that PC to a malware laden location, which would allow a takeover of the PC in question. The attacker does not have to reside on the same network, and firewalls and NAT devices will not prevent it.
Windows 10 has already been patched, via MS16-077, so this is not an issue for Windows 10 users, but everyone else is impacted, and of course, if you’re one of the millions of users still running Windows XP, the issue is simply not going to be fixed. No patches are coming, and it’s not something you can remedy on your own. At this point, the only option you have is to simply live with the heightened risk, or upgrade your OS.
Everyone knew that this day was coming. That sooner or later a critical security flaw would be uncovered that would put people who were slow to move away from unsupported OSs at dramatically increased risk. That day has now arrived. If the clock was ticking before, it just got a whole lot louder, and the alarm is going off.