Security News > 2020 > October > Microsoft Patches New Windows 'Ping of Death' Vulnerability
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code.
An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.
This flaw too can be exploited through crafted packets, but would not result in code execution, Microsoft says.
SophosLabs' security researchers have published a video to demonstrate how the first vulnerability can be exploited to trigger a Blue Screen of Death.
"Once we understood the bug, developing a 'Blue Screen of Death' proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible-remote code execution-is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons," SophosLabs notes.
News URL
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft fixes Remote Desktop issues caused by Windows updates (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)