There Goes The Neighborhood: Dealing With CVE-2020-16898 (a.k.a. "Bad Neighbor")


by Bob Rudis


If you’re in the U.S. and were waiting for an “October surprise”, look no further than CVE-2020-16898 which is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, or what our own Tod Beardsley likes to call “exploiting poor implementations of core IETF RFCs”.


The vulnerability arises when the TCP/IP stack does not properly handle ICMPv6 Router Advertisement packets. Successful exploitation requires sending specially-crafted ICMPv6 Router Advertisement packets to a remote Windows computer and could give an attacker the ability to execute code on the target server or client. CVE-2020-16898 carries a CVSSv3 base score of 9.8.


Our talented crew of Rapid7 vulnerability researchers have a technical analysis up on AttackerKB, and security firm McAfee has their own technical analysis of CVE-2020-16898 available here, which we recommend reading. Their research and engineering teams note that the Microsoft-provided exploit is “both extremely simple and perfectly reliable[, and] results in an immediate [Blue Screen of Death] (BSoD)”.


Before we go any further, we would like to strongly encourage you to patch this vulnerability if you are running Windows 10, Windows Server 2019, or Windows Server Core 1903, 1909, or 2004. You really don’t want to mess around when the word “wormable” is being used and so many eyes are on the non-BSOD prize of a fully-working RCE. If you cannot patch, consider disabling ICMPv6 Recursive DNS Server (RDNSS) as a workaround (which is, unfortunately, o ..
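Where patching or disabling RDNSS has to wait, Router Advertisements can still be inspected on the wire. The following is an added example, not code from the original post or from Rapid7: a Python parser that walks the options of an ICMPv6 Router Advertisement and flags RDNSS options (type 25) whose Length field does not fit the RFC 8106 layout. The function names and the sample packets are constructed for illustration.

```python
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
RA_HEADER_LEN = 16     # type, code, checksum, hop limit, flags, lifetime, two timers
OPT_RDNSS = 25         # Recursive DNS Server option (RFC 8106)


def inspect_ra(icmpv6: bytes) -> list[str]:
    """Return findings for one ICMPv6 message (the bytes after the IPv6 header)."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != RA_TYPE:
        return []                       # not a Router Advertisement
    findings, off = [], RA_HEADER_LEN
    while off < len(icmpv6):
        if len(icmpv6) - off < 2:
            findings.append(f"truncated option header at offset {off}")
            break
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]   # Length is in 8-byte units
        if opt_len == 0:
            findings.append(f"option type {opt_type} has zero length")
            break                       # RFC 4861: such packets must be discarded
        if off + opt_len * 8 > len(icmpv6):
            findings.append(f"option type {opt_type} overruns the packet")
            break
        if opt_type == OPT_RDNSS:
            # RFC 8106: 8 bytes of fixed fields plus 16 bytes per address,
            # so a conforming Length is odd and at least 3.
            if opt_len < 3 or opt_len % 2 == 0:
                findings.append(f"RDNSS option with nonconforming length {opt_len}")
            else:
                findings.append(f"RDNSS option with {(opt_len - 1) // 2} server(s)")
        off += opt_len * 8
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed sample: RA header with a zero checksum, followed by options."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0) + options


# Constructed samples: one conforming RDNSS option (one address, Length 3)
# and one whose Length field (4) does not fit the RFC 8106 layout.
GOOD_RA = build_ra(struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600) + bytes(16))
BAD_RA = build_ra(struct.pack("!BBHI", OPT_RDNSS, 4, 0, 600) + bytes(24))

if __name__ == "__main__":
    for name, pkt in (("GOOD_RA", GOOD_RA), ("BAD_RA", BAD_RA)):
        print(name, inspect_ra(pkt))
```

The same length rule can be expressed in an IDS signature; the parser is meant for triaging packet captures offline.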
