Security News > 2020 > October > US Cyber Command Urges Users to Patch New 'Ping of Death' Windows Flaw
The United States Cyber Command warns that users should apply the latest patches for Microsoft software to ensure they won't fall victim to exploitation attempts.
The most important of these issues, US Cyber Command points out, is CVE-2020-16898, a critical bug in the Windows TCP/IP stack that can be triggered remotely to potentially achieve remote code execution on the victim machine.
Addressed on October 2020 Patch Tuesday, the flaw can be exploited through specially crafted ICMPv6 Router Advertisement packets sent to a vulnerable system, as these packets are not handled properly.
Both Windows 10 and Windows Server are susceptible to exploitation.
McAfee, which calls the vulnerability "Bad Neighbor" due to the fact that it is located within an ICMPv6 Neighbor Discovery Protocol, explains that consumer Windows 10 systems will likely be impacted the most, as there are only hundreds of Windows Server 2019 machines with IPv6 addresses.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-16 | CVE-2020-16898 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. low complexity microsoft | 8.8 |