US Cyber Command advises Windows users to immediately patch their systems against the remotely exploitable CVE-2020-16898 issue in the Windows TCP/IP stack.
“Update your Microsoft software now so your system isn’t exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely,” the agency warned in a tweet.
Microsoft addressed the CVE-2020-16898 vulnerability, also known as “Bad Neighbor”, as part of its October 2020 Patch Tuesday release. The company describes the issue as a remote code execution vulnerability, which exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. By exploiting this flaw an attacker could execute code on the target server or client with the help of specially crafted ICMPv6 Router Advertisement packets sent to a remote Windows computer.
In addition, CVE-2020-16898 could be used to trigger a denial of service (DoS) leading to a Blue Screen of Death (BSoD). The vulnerability affects both client (Windows 10 versions 1709 up to 2004) and server (Windows Server version 1903 up to 2004 and Windows Server 2019) platforms.
According to McAfee Labs, Microsoft has already provided a proof-of-concept to MAPP (Microsoft Active Protections Program) members, which is “both extremely simple and perfectly reliable.”
Based on information shared by Microsoft, researchers at SophosLabs also created PoC code, but they withheld the details to prevent exploitation by attackers.
Users who can’t immediately apply the security update resolving CVE-2020-16898 are recommended to disable ICMPv6 RDNSS using the following PowerShell command (no reboot is needed):
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
To disable the workaround, users can run the following PowerShell command (no reboot is needed):
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
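The workaround is set per interface, so a host with several adapters needs the command run once for each interface number. The script below is an added example, not part of the original advisory: it applies (or reverts) the setting on every non-loopback IPv6 interface and reads the value back. It assumes an elevated PowerShell prompt and that `netsh int ipv6 show int` prints a line containing "RA Based DNS Config" on the affected builds.

```powershell
# Added example: apply or revert the CVE-2020-16898 RDNSS workaround on all
# IPv6 interfaces. Run elevated. Use -State enable to undo the workaround.
param(
    [ValidateSet('disable', 'enable')]
    [string]$State = 'disable'
)

# Enumerate IPv6 interfaces; the index is the INTERFACENUMBER netsh expects.
$interfaces = Get-NetIPInterface -AddressFamily IPv6 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

$results = foreach ($if in $interfaces) {
    $idx = $if.InterfaceIndex

    # Same command as in the advisory, with the interface number filled in.
    netsh int ipv6 set int $idx "rabaseddnsconfig=$State" | Out-Null
    $applied = ($LASTEXITCODE -eq 0)

    # Read the setting back. The label text is an assumption about netsh
    # output; if it is not found, the state is reported as 'unknown'.
    $line = netsh int ipv6 show int $idx |
        Select-String -Pattern 'RA Based DNS Config' |
        Select-Object -First 1
    $observed = if ($line) { ($line.Line -split ':')[-1].Trim() } else { 'unknown' }

    [pscustomobject]@{
        Index     = $idx
        Alias     = $if.InterfaceAlias
        Requested = $State
        Applied   = $applied
        Observed  = $observed
    }
}

$results | Format-Table -AutoSize

# Flag interfaces where the change failed or could not be confirmed.
$bad = $results | Where-Object { -not $_.Applied -or $_.Observed -notlike "$State*" }
if ($bad) {
    Write-Warning "Setting not confirmed on interface(s): $($bad.Index -join ', ')"
}
```

Interfaces added later (new adapters, VPN or virtual switches) are not covered until the script is run again, so patching remains the durable fix.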