Another bad day for Microsoft Security

Another bad day for Microsoft Security

By ircrp | ircrp | 14 Oct 2020


 

For those working in Microsoft's Window Security department the past months must've been quite intense. Starting on the Zerologon vulnerability disclosed back in August which was still heavily exploited in the past weeks, to yet another huge vulnerability being disclosed in the past day.

 

 

 

  • On 13th of October 2020 a vulnerability was disclosed to the public by Microsoft under CVE-2020-16898 affecting Windows 10 & Windows Server 2019 operating systems
  • On the day of disclosure a patch to the vulnerability was pushed out as part of this month's Patch Tuesday
  • Security experts explain that the vulnerability can be exploited relatively easily to perform a Denial of Service causing Blue Screen of Death and in the extreme can be used to perform Remote Code Execution
  • Microsoft and other entities such as U.S Cyber Command are heavily incentivising users to patch their systems
  • The vulnerability lies within the TCP/IP stack and is exploitable by sending maliciously crafted ICMPv6 Router Advertisement packages
  • Microsoft advises for those who can't apply the patch immediately that there is a workaround to disable the ICMPv6 Recursive DNS Server from PowerShell which doesn't require reboot

 

Related Reading

 

 

Ongoing crypto free earn campaigns:

 

Ongoing crypto non-free earn campaigns:


ircrp
ircrp

Crypto enthusiast and a first-time blogger

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.