Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

US Cyber Command Urges Users to Patch New ‘Ping of Death’ Windows Flaw

The United States Cyber Command (USCYBERCOM) warns that users should apply the latest patches for Microsoft software to ensure they won’t fall victim to exploitation attempts.

The United States Cyber Command (USCYBERCOM) warns that users should apply the latest patches for Microsoft software to ensure they won’t fall victim to exploitation attempts.

The most important of these issues, US Cyber Command points out, is CVE-2020-16898, a critical bug in the Windows TCP/IP stack that can be triggered remotely to potentially achieve remote code execution on the victim machine.

While remote code execution might not be easy to achieve, Sophos has demonstrated how the vulnerability can be exploited to cause a Blue Screen of Death (BSoD), which is why the company has described it as a “Ping of Death” vulnerability.

Addressed on October 2020 Patch Tuesday, the flaw can be exploited through specially crafted ICMPv6 Router Advertisement packets sent to a vulnerable system, as these packets are not handled properly. Both Windows 10 and Windows Server are susceptible to exploitation.

“Update your Microsoft software now so your system isn’t exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely,” USCYBERCOM says.

McAfee, which calls the vulnerability “Bad Neighbor” due to the fact that it is located within an ICMPv6 Neighbor Discovery Protocol, explains that consumer Windows 10 systems will likely be impacted the most, as there are only hundreds of Windows Server 2019 machines with IPv6 addresses.

“We believe this vulnerability can be detected with a simple heuristic that parses all incoming ICMPv6 traffic, looking for packets with an ICMPv6 Type field of 134 – indicating Router Advertisement – and an ICMPv6 Option field of 25 – indicating Recursive DNS Server (RDNSS). If this RDNSS option also has a length field value that is even, the heuristic would drop or flag the associated packet, as it is likely part of a ‘Bad Neighbor’ exploit attempt,” the security firm says.

On Tuesday, Microsoft released patches to address not only this flaw, but also CVE-2020-16899, a second bug in the TCP/IP driver, which could be abused to cause denial of service.

Advertisement. Scroll to continue reading.

Users are advised to apply the available patches as soon as possible. If that’s not a viable option, available workarounds include disabling IPv6, or blocking or dropping ICMPv6 Router Advertisements at the network perimeter.

“Windows Defender and Windows Firewall fail to block the proof-of-concept when enabled. It is unknown yet if this attack can succeed by tunneling the ICMPv6 traffic over IPv4 using technologies like 6to4 or Teredo. Our efforts to repeat the attack in this manner have not been successful to date,” McAfee says.

Related: Microsoft Patches New Windows ‘Ping of Death’ Vulnerability

Related: Microsoft Patches Several Publicly Disclosed Windows Vulnerabilities

Related: Actively Exploited Windows Spoofing Flaw Patched Two Years After Disclosure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...