On October 13, 2020, Microsoft disclosed a remote code execution vulnerability in the Windows TCP/IP stack that occurs when it improperly handles ICMPv6 Router Advertisement packets. Exploiting this vulnerability allows an attacker to execute arbitrary code on a target server or client. This vulnerability, identified as CVE-2020-16898, is rated Critical. Microsoft has released a security patch to address this vulnerability.
Vulnerability information
- Vulnerability ID: CVE-2020-16898
- Severity: Critical
- Affected products
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server, version 1903 (Server Core installation)
- Windows Server, version 1909 (Server Core installation)
- Windows Server, version 2004 (Server Core installation)
Description
A remote code execution vulnerability, identified as CVE-2020-16898, exists in the Windows TCP/IP stack due to improper handling of ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker must send a specially crafted ICMPv6 Router Advertisement packet to a target Windows computer. An unauthenticated, remote attacker can achieve remote code execution (RCE). No publicly available exploits have been reported.
Recommendations
Apply the official patches immediately.
Resolution
- Download and apply the security patch from the official Microsoft Security Response Center. See CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability.
- The Windows system vulnerability module in Alibaba Cloud Security Center can detect and patch this vulnerability with a single click. For more information, see Manage vulnerabilities.
- Disable ICMPv6 RDNSS to mitigate the risk.To prevent attackers from exploiting this vulnerability, run the following PowerShell command to disable ICMPv6 RDNSS. This workaround applies only to Windows 1709 and later.
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disableNote A restart is not required.You can also re-enable ICMPv6 RDNSS with the following PowerShell command. However, doing so makes your system vulnerable again.netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enableNote A restart is not required.
Announced by
Alibaba Cloud Computing Co., Ltd.