Menu Close

‘Ping of Death’ – Microsoft Fixes Critical TCP/IP Vulnerability!

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

A new & potentially wormable remote code execution vulnerability in the Windows TCP/IP stack was patched this week.

Microsoft fixed 87 vulnerabilities across 11 different products, but the one it can be argued needs the most attention is CVE-2020-16898.

The bug, a critical remote code execution vulnerability in Windows 10 & Windows Server 2019, ‘could be exploited by sending a packet to a vulnerable machine.

‘Bad Neighbour’

This vulnerability, which is being referred to as “Bad Neighbour” & “Ping of Death Redux” by some, was one of 11 critical remote code execution bugs fixed by the company on Tuesday as part of the company’s monthly Patch Tuesday event.

The bug results from an issue with Windows TCP/IP stack, i.e. the fact that it improperly handles ICMPv6 router advertisement packets. ICMPv6 is a part of IPv6 that performs error reporting & diagnostic functions.

Router Advertisements

Router Advertisements are messages generated by IPv6 routers to advertise their presence with link and Internet parameters. Here, simply sending a specially crafted packet could lead to code execution on a vulnerable system, something which in turn could likely lead to elevated privileges.

There are no mitigations says Microsoft but there are workarounds, including outright disabling ICMPv6 RDNSS, & Microsoft instructs how to do so via a PowerShell command on Windows 1709 systems & above, that should theoretically prevent attackers from exploiting the vulnerability.

Government agencies including the US Computer Emergency Readiness Team – part of CISA – and US Cyber Command encouraged administrators to update any Microsoft software as soon as possible to prevent a remote compromise.

‘Blue Screen of Death’

While there is no evidence the vulnerability has been exploited in the wild so far, several proof-of-concepts for the vulnerability, some which result in an immediate ‘Blue Screen of Death’, or BSOD, do exist.

The vulnerability is very similar to another 2013 vulnerability (CVE-2013-3183) in Windows TCP/IP stack, an IPv6 version of the ‘Ping of Death’ attack that resulted in a denial of service – hence the Redux name, in which malformed ICMPv6 packets weren’t processed correctly.

Virtual Conference November 2020

 

 

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds