US Cyber Command advises Windows users to immediately patch their systems against the remotely exploitable CVE-2020-16898 issue in the Windows TCP/IP stack.
“Update your Microsoft software now so your system isn't exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely,” the agency warned in a tweet.
Microsoft addressed the CVE-2020-16898 vulnerability, also known as “Bad Neighbor”, as part of its October 2020 Patch Tuesday release. The company describes the issue as a remote code execution vulnerability, which exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. By exploiting this flaw an attacker could execute code on the target server or client with the help of specially crafted ICMPv6 Router Advertisement packets sent to a remote Windows computer.
In addition, CVE-2020-16898 could be used to trigger a denial of service (DoS) leading to a Blue Screen of Death (BSoD). The vulnerability affects both client (Windows 10 versions 1709 up to 2004) and server (Windows Server version 1903 up to 2004 and Windows Server 2019) platforms.
According to McAfee Labs, Microsoft has already provided the proof-of-concept to MAPP (Microsoft Active Protection Program) members, which is “both extremely simple and perfectly reliable.”
Based on information shared by Microsoft, researchers at SophosLabs also created PoC code, although they withheld the details to prevent exploitation by attackers.
Users who can’t immediately apply the security update resolving CVE-2020-16898 are recommended to disable ICMPv6 RDNSS using the following PowerShell command (no reboot is needed):
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
To disable the workaround, users can use the following PowerShell command (no reboot is needed):
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
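The workaround has to be set per interface, so a host with several adapters needs the command run once for each interface number. The script below is an added example, not part of the original article or of Microsoft's guidance: it applies the same `netsh` command to every IPv6 interface and reads the setting back. The `$State` parameter name and the parsing of the English-locale `RA Based DNS Config` line in `netsh` output are assumptions.

```powershell
# Added example: apply (or revert) the ICMPv6 RDNSS workaround on all IPv6 interfaces.
# Run from an elevated PowerShell prompt; no reboot is needed.
param(
    [ValidateSet('disable', 'enable')]
    [string]$State = 'disable'    # 'enable' reverts the workaround
)

# netsh reports the setting as "enabled" / "disabled"
$expected = "${State}d"

$results = foreach ($if in Get-NetIPInterface -AddressFamily IPv6) {
    $idx = $if.InterfaceIndex

    # Same command as in the article, with the interface number filled in.
    $null = & netsh int ipv6 set int $idx "rabaseddnsconfig=$State" 2>&1
    $setOk = ($LASTEXITCODE -eq 0)

    # Read the value back. Assumption: English-locale output containing a line
    # such as "RA Based DNS Config (RFC 6106) : disabled".
    $line = & netsh int ipv6 show int $idx |
        Select-String -Pattern 'RA Based DNS Config' |
        Select-Object -First 1
    $current = if ($line) { ($line.Line -split ':')[-1].Trim() } else { 'unknown' }

    [pscustomobject]@{
        InterfaceIndex = $idx
        InterfaceAlias = $if.InterfaceAlias
        SetSucceeded   = $setOk
        RaBasedDns     = $current
        AsExpected     = ($current -eq $expected)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if any interface did not end up in the requested state,
# so the script can be used from deployment tooling.
$failed = @($results | Where-Object { -not $_.AsExpected })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) interface(s) not in state '$expected'."
    exit 1
}
```

Interfaces added after the script runs (new VPN or virtual adapters, for example) are not covered until it is run again.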