Patch Tuesday Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
Nadella's security crew has identified 22 remote code execution (RCE) CVEs though the most worrisome looks like CVE-2020-16898, Windows TCP/IP RCE, which is rated 9.8 out 10 in severity. It affects Windows desktop and server systems.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets. Thus someone could send a vulnerable machine a maliciously crafted IPv6 packet over the network to inject and execute code on the box, and ultimately hijack it – presumably with kernel-level privileges. Here's the worrying blurb from Redmond:
Microsoft said exploitation is likely, and a workaround is available for Windows build 1709 and above. You're ur ..
Support the originator by clicking the read the rest link below.
