Security News > 2020 > October > Microsoft Patches New Windows 'Ping of Death' Vulnerability
One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code.
An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.
This flaw too can be exploited through crafted packets, but would not result in code execution, Microsoft says.
SophosLabs' security researchers have published a video to demonstrate how the first vulnerability can be exploited to trigger a Blue Screen of Death.
"Once we understood the bug, developing a 'Blue Screen of Death' proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible-remote code execution-is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons," SophosLabs notes.
News URL
Related news
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)