Security News > 2020 > October > It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine
Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets.
Thus someone could send a vulnerable machine a maliciously crafted IPv6 packet over the network to inject and execute code on the box, and ultimately hijack it - presumably with kernel-level privileges.
Microsoft said exploitation is likely, and a workaround is available for Windows build 1709 and above.
"If you're running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible."
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/13/microsoft_patch_tuesday/
Related news
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft Delays Recall Launch for Windows Insider Members Until October (source)
- Microsoft is trying to reduce Windows 11's desktop spotlight clutter (source)
- Microsoft to start force-upgrading Windows 22H2 systems next month (source)