Bad Neighbor: US Cyber Command warns Microsoft customers to immediately Patch


Microsoft describes the CVE-2020-16898 bug, also known as 'Bad Neighbor', as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack that can also be exploited to trigger a denial of service (DoS) resulting in a Blue Screen of Death (BSoD).




This bug can be exploited remotely by unauthenticated attackers who send maliciously crafted ICMPv6 Router Advertisement packets to a target Windows computer. Bad Neighbor affects both client (Windows 10 versions 1709 through 2004) and server (Windows Server versions 1903 through 2004 and Windows Server 2019) platforms, which makes it a critical vulnerability for most modern Windows environments.



Microsoft's October 2020 Patch Tuesday fixed 87 vulnerabilities in total, 12 of them rated Critical, 74 rated Important, and the remainder rated Moderate. US Cyber Command is urging Microsoft customers to patch their systems immediately against the critical and exploitable CVE-2020-16898 vulnerability addressed in this month's Patch Tuesday.



CVE-2020-16898 Proof-of-Concept DoS Exploits


Microsoft has shared a proof-of-concept (PoC) with MAPP partners, according to an article published yesterday by McAfee Labs:


"The proof-of-concept shared with MAPP (Microsoft Active Protection Program) members is both extremely simple and perfectly reliable,"

"It results in an immediate BSOD (Blue Screen of Death), but more so, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations." 


As SophosLabs Offensive Security researchers explained, an exploit built on the PoC would still need to bypass stack canaries and kernel Address Space Layout Randomization (ASLR) to achieve remote code execution.

Video: 2020-10 Patch Tuesday CVE-2020-16898 proof-of-concept, from Spike on Vimeo.


It would not be surprising if threat actors soon produce their own DoS exploits as well.



Based on the details provided by Microsoft, British security company Sophos has been able to build a denial-of-service PoC that triggers a BSoD on any unpatched Windows 10 or Windows Server device.


"Even so, the threat of denial of service at will with a relatively easily-crafted packet should be enough by itself to prompt rapid patching—which is the only real fix for this vulnerability," Sophos added.


While creating a denial-of-service PoC that lets attackers trigger BSoDs at will is fairly simple, building a working RCE exploit is much harder.



Temporary Mitigation For CVE-2020-16898


For customers who cannot immediately apply the security update that addresses this critical bug, Microsoft advises disabling ICMPv6 Recursive DNS Server (RDNSS) option processing with the following netsh command, run from an elevated PowerShell prompt on systems running Windows 1709 and later:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable


Once the system has been updated, you can re-enable it by changing disable to enable, e.g.

 

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
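To apply the workaround to every IPv6 interface rather than one interface index at a time, here is an added PowerShell script (not from the article or from Microsoft) that disables RDNSS processing per interface, reads the setting back from netsh to verify it, and re-enables it with -Revert once the update is installed. It assumes an elevated prompt, that build 16299 is the first 1709 build, and that netsh labels the setting "RA Based DNS Config (RFC 6106)".

```powershell
<#
  Added example (not the article's or Microsoft's own code).
  Usage:  .\Set-RdnssWorkaround.ps1            # apply workaround (disable)
          .\Set-RdnssWorkaround.ps1 -Revert    # re-enable after patching
  Assumptions: elevated prompt; netsh reports the setting under the label
  "RA Based DNS Config (RFC 6106)"; build 16299 corresponds to version 1709.
#>
[CmdletBinding()]
param([switch]$Revert)

$target = if ($Revert) { 'enable' } else { 'disable' }

# The advisory scopes the workaround to Windows 1709 and later.
$build = [Environment]::OSVersion.Version.Build
if ($build -lt 16299) {
    Write-Warning "Build $build predates 1709; this workaround does not apply here."
    return
}

# netsh wants the interface index, so enumerate every IPv6-bound interface.
$ifaces = Get-NetIPInterface -AddressFamily IPv6

foreach ($if in $ifaces) {
    $idx = $if.InterfaceIndex
    netsh interface ipv6 set interface $idx rabaseddnsconfig=$target | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh failed on interface $idx ($($if.InterfaceAlias)); check it manually."
        continue
    }

    # Verify by reading the setting back rather than trusting the exit code alone.
    $line = (netsh interface ipv6 show interface $idx) |
            Where-Object { $_ -match 'RA Based DNS Config' } |
            Select-Object -First 1
    if (-not $line) {
        Write-Warning "Interface $idx ($($if.InterfaceAlias)): setting not found in netsh output (label assumed)."
        continue
    }
    $state = ([string]$line -replace '\s+', ' ').Trim()
    "{0,-4} {1,-30} {2}" -f $idx, $if.InterfaceAlias, $state
}
```

The output lists each interface index, alias and the verified RDNSS state, so a mismatch with the requested value stands out before the change is relied on.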
