Security News > 2020 > October > Microsoft Patches New Windows 'Ping of Death' Vulnerability
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code.
An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.
This flaw too can be exploited through crafted packets, but would not result in code execution, Microsoft says.
SophosLabs' security researchers have published a video to demonstrate how the first vulnerability can be exploited to trigger a Blue Screen of Death.
"Once we understood the bug, developing a 'Blue Screen of Death' proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible-remote code execution-is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons," SophosLabs notes.
News URL
Related news
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: New Windows updates fix Active Directory policy issues (source)
- Microsoft tells Windows users to ignore 0x80070643 WinRE errors (source)
- Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Microsoft fixes Remote Desktop freezes caused by Windows updates (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft: Windows Server hotpatching to require subscription (source)