Summary
Bad Neighbour is a DoS and potential RCE vulnerability affecting Windows 10 and Windows Server. There are several public exploits, including one provided by Microsoft, that are able to crash affected systems; however, none have been able to achieve RCE.
Affected platforms
The following platforms are known to be affected:
- Windows 10 Versions: 1709 (for 32-bit, x64, and ARM64), 1803 (for 32-bit, x64, and ARM64), 1809 (for 32-bit, x64, and ARM64), 1903 (for 32-bit, x64, and ARM64), 1909 (for 32-bit, x64, and ARM64), 2004 (for 32-bit, x64, and ARM64)
- Microsoft Windows Server Versions: 2019 and 2019 Server Core, 1903 Server Core, 1909 Server Core, 2004 Server Core
Threat details
Remediation advice
Affected organisations are encouraged to review the following Microsoft security update guide and apply the relevant updates.
Organisations unable to apply updates should consider implementing the following mitigations:
- Disable IPv6, either on Network Interface Cards or at the network perimeter, if it is not required.
- Block or drop ICMPv6 Router Advertisement packets at the network perimeter.
- Disable ICMPv6 RDNSS using the PowerShell command below. Please note that this workaround is only available on Windows 10 1709 and later.
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
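The RDNSS workaround above, applied to every IPv6 interface and then read back, as an added example (not NHS Digital's or Microsoft's script). It assumes an elevated PowerShell prompt and English-language netsh output in which the current value appears on a line beginning "RA Based DNS Config".

```powershell
# Added example, not part of the original advisory.
# Applies the advisory's netsh workaround to each IPv6 interface, then reads
# the setting back. Run from an elevated PowerShell prompt (Windows 10 1709+).

$report = foreach ($nic in Get-NetIPInterface -AddressFamily IPv6) {
    $idx = $nic.InterfaceIndex

    # Same command as in the advisory, with the interface index filled in.
    $setOutput = netsh int ipv6 set int $idx rabaseddnsconfig=disable

    # Assumption: English-language netsh output, where the current value is
    # printed on a line beginning "RA Based DNS Config".
    $line = netsh int ipv6 show int $idx |
        Select-String -Pattern 'RA Based DNS Config' |
        Select-Object -First 1

    $state = if ($line) { ($line.Line -split ':')[-1].Trim() } else { 'unknown' }

    [pscustomobject]@{
        InterfaceIndex = $idx
        InterfaceAlias = $nic.InterfaceAlias
        RaBasedDns     = $state
        NetshMessage   = ($setOutput -join ' ').Trim()
    }
}

$report | Format-Table -AutoSize

# Anything not reporting "disabled" still needs attention (or the label was
# not found, for example on a localised system).
$notDisabled = $report | Where-Object { $_.RaBasedDns -ne 'disabled' }
if ($notDisabled) {
    Write-Warning ("{0} interface(s) not confirmed disabled" -f @($notDisabled).Count)
}
```

Interfaces added after the script runs are not covered, so re-run it after network changes until the update is installed.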
Remediation steps
Type | Step |
---|---|
Patch | CVE-2020-16898 \| Windows TCP/IP Remote Code Execution Vulnerability. A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898 |
Definitive source of threat updates
CVE Vulnerabilities
- CVE-2020-16898
  Status: Reserved
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.