CVE-2020-16898 VULNERABILITIES IN WINDOWS TCP/IP STACK

10/23/2020

Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020- 16898 or "Bad Neighbor". The issue is caused by an improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.

OVERVIEW

Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020-16898 or "Bad Neighbor".
The issue is caused by an improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.
The vulnerability reported in Microsoft Windows can allow a remote attacker to execute arbitrary code or cause denial-of-service (DoS) conditions on a targeted system by sending a specially crafted ICMPv6 Router Advertisement packet to an affected system.
The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable.

OVERVIEW

Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020-16898 or "Bad Neighbor".

The issue is caused by an improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.

The vulnerability reported in Microsoft Windows can allow a remote attacker to execute arbitrary code or cause denial-of-service (DoS) conditions on a targeted system by sending a specially crafted ICMPv6 Router Advertisement packet to an affected system.

The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable.