Security News > 2020 > October > It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine
Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets.
Thus someone could send a vulnerable machine a maliciously crafted IPv6 packet over the network to inject and execute code on the box, and ultimately hijack it - presumably with kernel-level privileges.
Microsoft said exploitation is likely, and a workaround is available for Windows build 1709 and above.
"If you're running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible."
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/13/microsoft_patch_tuesday/
Related news
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft fixes Remote Desktop issues caused by Windows updates (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)