On October 14, Microsoft announced a critical vulnerability (CVE-2020-16898, also known as “Bad Neighbor”) in the Windows IPv6 stack, which means that an attacker can use the vulnerability to send maliciously crafted data packets to obtain The ability to execute code on the target server or client. The vulnerability is rated as “Critical”. In view of the possibility of exploiting the vulnerability, we recommend that users update the relevant patches as soon as possible.
1. Vulnerability description
There is a remote code execution vulnerability when the Windows TCP/IP stack incorrectly processes ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker must send specially designed ICMPv6 Router Advertisement packets to a remote Windows computer.
2. Risk level
High risk, CVSS score 9.8
3. Scope of influence
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
4. Repair suggestions/temporary workarounds
1. The vulnerability can be fixed through the Tinder Personal Edition/Enterprise Edition [Vulnerability Repair] function.
Individual users use the software “Security Tools”> “Vulnerability Repair” function to repair.
Enterprise user administrators can uniformly scan and repair terminal vulnerabilities through “Management Center”> “Vulnerability Repair”.
(2) Download the patch officially provided by Microsoft:
https:// portal.msrc.microsoft.com /en-US/security-guidance/advisory/CVE-2020-16898
(3) Intranet and other users who are inconvenient to install updates can use the temporary workarounds given by Microsoft:
Disable ICMPv6 RDNSS
Open PowerShell as an administrator and copy the following command to run:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disableCorresponding opening method
Open PowerShell as an administrator and copy the following command to run:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enableprompt:
In the command *INTERFACENUMBER*, the user needs to query the interface number to be disabled. The specific operation is as follows (for example):
1. Open PowerShell as an administrator and enter the following command to “display interface parameters”
netsh int ipv6 show interfaceAccording to this list, you can find the interface that needs to be disabled and replace the *INTERFACENUMBER* field in the command. The command after replacement in the legend is as follows
netsh int ipv6 set int 8 rabaseddnsconfig=disableAfter returning to “OK”, the disable is successful, and the opening method is the same as above. No need to restart the computer for the above operations.
