Update: Microsoft lowered the vulnerability’s exploitability index rating and severity; more info here.
US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month’s Patch Tuesday.
“Update your Microsoft software now so your system isn’t exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely,” US Cyber Command said in a tweet earlier today.
Microsoft states that the CVE-2020-16898 bug, also known as ‘Bad Neighbor’, is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack that can also be used to trigger a denial of service (DoS) leading to a Blue Screen of Death (BSoD).
This bug can be exploited remotely by unauthenticated attackers who send maliciously crafted ICMPv6 Router Advertisement packets to a target Windows computer.
Bad Neighbor impacts both client (Windows 10 versions 1709 up to 2004) and server (Windows Server version 1903 up to 2004 and Windows Server 2019) platforms, making it a critical vulnerability for all modern Windows environments.
Microsoft’s October 2020 Patch Tuesday fixed 87 vulnerabilities in total: 12 classified as Critical, 74 as Important, and one as Moderate.