Security advisory: Windows TCP/IP remote code execution vulnerability (CVE-2020-16898)

更新时间:
复制 MD 格式

On October 13, 2020, Microsoft disclosed a remote code execution vulnerability in the Windows TCP/IP stack that occurs when it improperly handles ICMPv6 Router Advertisement packets. Exploiting this vulnerability allows an attacker to execute arbitrary code on a target server or client. This vulnerability, identified as CVE-2020-16898, is rated Critical. Microsoft has released a security patch to address this vulnerability.

Vulnerability information

  • Vulnerability ID: CVE-2020-16898
  • Severity: Critical
  • Affected products
    • Windows Server 2019
    • Windows Server 2019 (Server Core installation)
    • Windows Server, version 1903 (Server Core installation)
    • Windows Server, version 1909 (Server Core installation)
    • Windows Server, version 2004 (Server Core installation)

Description

A remote code execution vulnerability, identified as CVE-2020-16898, exists in the Windows TCP/IP stack due to improper handling of ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker must send a specially crafted ICMPv6 Router Advertisement packet to a target Windows computer. An unauthenticated, remote attacker can achieve remote code execution (RCE). No publicly available exploits have been reported.

Recommendations

Apply the official patches immediately.

Resolution

To resolve this vulnerability, use one of the following methods:
  • Download and apply the security patch from the official Microsoft Security Response Center. See CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability.
  • The Windows system vulnerability module in Alibaba Cloud Security Center can detect and patch this vulnerability with a single click. For more information, see Manage vulnerabilities.
  • Disable ICMPv6 RDNSS to mitigate the risk.
    To prevent attackers from exploiting this vulnerability, run the following PowerShell command to disable ICMPv6 RDNSS. This workaround applies only to Windows 1709 and later.
    netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
    Note A restart is not required.
    You can also re-enable ICMPv6 RDNSS with the following PowerShell command. However, doing so makes your system vulnerable again.
    netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
    Note A restart is not required.

Announced by

Alibaba Cloud Computing Co., Ltd.