Security News > 2020 > October > It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine
Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets.
Thus someone could send a vulnerable machine a maliciously crafted IPv6 packet over the network to inject and execute code on the box, and ultimately hijack it - presumably with kernel-level privileges.
Microsoft said exploitation is likely, and a workaround is available for Windows build 1709 and above.
"If you're running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible."
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/13/microsoft_patch_tuesday/
Related news
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)