Microsoft Patches New Windows 'Ping of Death' Vulnerability
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code.
An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.
A second flaw can likewise be exploited through crafted packets, but would not result in code execution, Microsoft says.
SophosLabs' security researchers have published a video to demonstrate how the first vulnerability can be exploited to trigger a Blue Screen of Death.
"Once we understood the bug, developing a 'Blue Screen of Death' proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible - remote code execution - is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons," SophosLabs notes.