Microsoft has released details of a buffer overflow vulnerability, called Bad Neighbour (or Ping of Death Redux), affecting Windows 10 and Windows Server. They claim that an unauthenticated attacker could exploit this vulnerability to gain remote code execution (RCE) capability on affected systems.
Bad Neighbour is a DoS and potential RCE vulnerability affecting Windows 10 and Windows Server. There are several public exploits, including one provided by Microsoft, that are able to crash affected systems, however none have been able to achieve RCE.
Affected platformsThe following platforms are known to be affected:
- Windows 10 Versions: 1709 (for 32-bit, x64, and ARM64), 1803 (for 32-bit, x64, and ARM64), 1809 (for 32-bit, x64, and ARM64), 1903 (for 32-bit, x64, and ARM64), 1909 (for 32-bit, x64, and ARM64), 2004 (for 32-bit, x64, and ARM64)
- Microsoft Windows Server Versions: 2019 and 2019 Server Core, 1903 Server Core, 1909 Server Core, 2004 Server Core
Affected organisations are encouraged to review the following Microsoft security update guide and apply the relevant updates.
Organisations unable to apply updates should consider implementing the following mitigation:
- Disable IPv6, either on Network Interface Cards or at the network perimeter, if it is not required.
- Block or drop ICMPv6 Router Advertisement packets at the network perimeter.
- Disable ICMPv6 RDNSS using the below PowerShell command. Please note that this workaround is only available on Windows 10 1709 and later.
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.
The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.
Definitive source of threat updates
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.