Security News > 2020 > October > Microsoft Patches New Windows 'Ping of Death' Vulnerability
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code.
An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.
This flaw too can be exploited through crafted packets, but would not result in code execution, Microsoft says.
SophosLabs' security researchers have published a video to demonstrate how the first vulnerability can be exploited to trigger a Blue Screen of Death.
"Once we understood the bug, developing a 'Blue Screen of Death' proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible-remote code execution-is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons," SophosLabs notes.
News URL
Related news
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- New Windows IPv6 Zero-Click Vulnerability (source)
- Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft Delays Recall Launch for Windows Insider Members Until October (source)