Windows “Ping of Death” bug revealed – patch now!
2020-10-14 01:18

Loosely speaking, if someone can ping your unpatched Windows 10 or Windows Server 2019 computer from theirs, they can probably crash you with this bug.

In other words, Windows stack overflows in networking software almost always used to lead to so-called remote code execution exploits, where attackers could trigger the bug from afar with specially crafted network traffic, run code of their own choosing, and thereby inject malware without you even being aware.

Numerous security improvements in Windows, from Windows XP SP3 onwards, have made stack overflows harder and harder to exploit, and these days they can often only be used to force crashes, not to take over completely.

A value of 1 means that even if the bug turns out to be very hard to exploit, you can expect attackers to try really hard at it, because previous bugs of this sort have been exploited successfully.

For an explanation of why modern versions of Windows aren't easy to exploit using this flaw, and for a justification of why our own Offensive Security Team thinks it's unlikely - but not impossible! - that anyone will succeed, please read the SophosLabs report.


News URL

https://nakedsecurity.sophos.com/2020/10/14/windows-ping-of-death-bug-revealed-patch-now/