BadTunnel vulnerability fixed by Patch Tuesday update
A vulnerability in Windows - all versions - can be exploited to create a man-in-the-middle attack and was discovered by a security researcher named Yang Yu. Microsoft gave him a $50,000 bounty for finding the flaw, and released a fix for it in this month's Patch Tuesday slate of updates (MS16-077). If you're still hanging on to Windows XP (not a good idea given its unsupported, no-security-updates state), you can protect against it by disabling NetBIOS over TCP/IP.
Read more about it here: