
Microsoft TCP/IP remote code execution vulnerability (CVE-2020-16898) risk notice


On October 14, Microsoft announced a critical vulnerability (CVE-2020-16898, also known as “Bad Neighbor”) in the Windows IPv6 stack. An attacker can exploit it by sending maliciously crafted packets to gain the ability to execute code on the target server or client. The vulnerability is rated “Critical”. Given the possibility of exploitation, we recommend that users install the relevant patches as soon as possible.

1. Vulnerability description

A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploits this vulnerability could gain the ability to execute code on the target server or client. To exploit it, an attacker must send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.

2. Risk level

High risk, CVSS score 9.8

3. Affected versions

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

4. Repair suggestions/temporary workarounds

(1) The vulnerability can be fixed with the [Vulnerability Repair] function of Tinder Personal Edition/Enterprise Edition.

Individual users can repair it through the software's “Security Tools” > “Vulnerability Repair” function.

Enterprise administrators can scan for and repair the vulnerability on all terminals through “Management Center” > “Vulnerability Repair”.

(2) Download the patch officially provided by Microsoft:

portal.msrc.microsoft.com 

(3) Users on intranets and others who cannot readily install updates can use the temporary workaround given by Microsoft:

Disable ICMPv6 RDNSS

Open PowerShell as an administrator and copy the following command to run:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable

To re-enable it

Open PowerShell as an administrator and copy the following command to run:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable

Note:

Replace *INTERFACENUMBER* in the command with the number of the interface to be disabled. To find that number, proceed as follows (for example):

1. Open PowerShell as an administrator and enter the following command to display the interface parameters:

netsh int ipv6 show interface

From the resulting list, find the interface to be disabled and substitute its number for the *INTERFACENUMBER* field in the command. For example, with interface number 8 the command becomes:

netsh int ipv6 set int 8 rabaseddnsconfig=disable

When the command returns “OK”, the setting has been disabled successfully; re-enabling works the same way. None of the above operations requires restarting the computer.
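
The per-interface steps above can be applied to every IPv6 interface in one pass. The following PowerShell script is an added example, not part of the original notice or of Microsoft's guidance; the file name Set-RaDnsConfig.ps1 and the -State parameter are hypothetical, and it assumes the status line printed by "netsh int ipv6 show int" contains the text "RFC 6106".

```powershell
#Requires -RunAsAdministrator
# Set-RaDnsConfig.ps1 (hypothetical name): apply or roll back the
# rabaseddnsconfig workaround on every IPv6 interface and report the result.
param(
    [ValidateSet('disable', 'enable')]
    [string]$State = 'disable'
)

# Get-NetIPInterface returns the same interfaces and index (Idx) values
# that "netsh int ipv6 show interface" lists.
$interfaces = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object ifIndex

$results = foreach ($nic in $interfaces) {
    $idx = $nic.ifIndex

    # Same command as in the notice, with the interface number filled in.
    $out  = & netsh int ipv6 set int $idx "rabaseddnsconfig=$State" 2>&1
    $code = $LASTEXITCODE

    # Read the setting back. Assumption: the status line contains "RFC 6106";
    # if no such line is found, report that instead of guessing.
    $line = & netsh int ipv6 show int $idx |
        Select-String -Pattern 'RFC 6106' | Select-Object -First 1
    $current = if ($line) { $line.Line.Trim() } else { '(not reported)' }

    [pscustomobject]@{
        Idx      = $idx
        Name     = $nic.InterfaceAlias
        ExitCode = $code
        Netsh    = ($out | Out-String).Trim()
        Current  = $current
    }
}

$results | Format-Table -AutoSize -Wrap

# Treat a non-zero netsh exit code as a failure so the script can be used
# from deployment tooling that checks the process exit status.
$failed = @($results | Where-Object { $_.ExitCode -ne 0 })
if ($failed.Count -gt 0) {
    Write-Warning ("rabaseddnsconfig={0} failed on interface(s): {1}" -f `
        $State, ($failed.Idx -join ', '))
    exit 1
}
```

Running it with -State enable reverses the workaround once the patch has been installed.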
