A Critical Bug Affects the Windows ICMPv6 Protocol

We are used to seeing many vulnerabilities that put users' security at risk. These flaws can affect all types of operating systems and network-connected devices. The problem is worse, however, when it affects something that is widely used. That is the case with the critical vulnerability discussed here, which affects Windows systems. Specifically, it is an error in the implementation of the ICMPv6 protocol on computers running Microsoft's operating system.

Critical flaw in the ICMPv6 protocol on Windows

This vulnerability has been called Bad Neighbor. It is highly exploitable and is considered wormable. This means that it can be used at any time by hackers to compromise the security of users. If it is exploited, it could spread rapidly to other computers connected to the same network. It could compromise an entire business network.

This serious bug has been registered as CVE-2020-16898. It is caused by a logic error in the TCP/IP stack driver on Windows. When the driver parses ICMPv6 Router Advertisement packets that use the Recursive DNS Server option, the error can cause a buffer overflow and allow remote code execution through ICMPv6 packets.
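
As an added example (not code from the original article or from Microsoft), the following Python function walks the options of a captured ICMPv6 Router Advertisement and reports each Recursive DNS Server option, flagging any whose Length field does not fit the RFC 8106 layout. The function names, the constructed sample packets and the RFC 8106 length rule are assumptions that do not come from the article.

```python
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement
OPT_RDNSS = 25       # Recursive DNS Server option (RFC 8106)
RA_HEADER_LEN = 16   # fixed RA fields that precede the options


def check_router_advertisement(icmpv6: bytes) -> list:
    """Inspect an ICMPv6 message (starting at its type byte) and return findings."""
    findings = []
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != RA_TYPE:
        return findings  # not a Router Advertisement
    offset = RA_HEADER_LEN
    while offset < len(icmpv6):
        if offset + 2 > len(icmpv6):
            findings.append("truncated option header")
            break
        opt_type, opt_len = struct.unpack_from("!BB", icmpv6, offset)
        end = offset + opt_len * 8  # Length is counted in units of 8 octets
        if opt_len == 0 or end > len(icmpv6):
            findings.append(f"option {opt_type}: bad length {opt_len}")
            break
        if opt_type == OPT_RDNSS:
            # 8 octets of fixed fields plus 16 per address: Length is odd, >= 3
            if opt_len < 3 or opt_len % 2 == 0:
                findings.append(f"RDNSS: nonconforming length {opt_len}")
            else:
                findings.append(f"RDNSS: {(opt_len - 1) // 2} server(s)")
        offset = end
    return findings


def sample_ra(rdnss_len: int) -> bytes:
    """Constructed sample: zeroed RA carrying one RDNSS option of rdnss_len units."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    option = struct.pack("!BBHI", OPT_RDNSS, rdnss_len, 0, 600)
    return header + option + bytes(rdnss_len * 8 - 8)


if __name__ == "__main__":
    for units in (3, 5, 4):
        print(units, check_router_advertisement(sample_ra(units)))
```

A monitoring sensor could run the same check on Router Advertisements seen on a segment and alert on any nonconforming result.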

The problem has been brought to the attention of the CCN-CERT, the Information Security Incident Response Team of the National Cryptographic Center. Microsoft has classified this vulnerability as critical and has given it a CVSSv3 score of 9.8. This high score is due to the fact that it is remotely exploitable without great complexity. It does not require elevated privileges or user interaction.

Although there is no evidence that it is currently being exploited, Microsoft has shown an exploit that would cause a BSoD, better known as a blue screen of death.

Systems affected by this vulnerability

This vulnerability, as we have indicated, affects Microsoft systems. Specifically, it puts Windows 10 1709, Windows 10 1803, Windows 10 1809, Windows 10 1903, Windows 10 1909, Windows 10 2004, Windows Server 2019, Windows Server 1903, Windows Server 1909, and Windows Server 2004 at risk.

It is very important that the equipment is updated correctly. Microsoft has already released a security patch to correct the problem. We strongly recommend that all users have the latest version installed. These types of problems arise often, and it is vital to have the latest patches.

However, if for some reason users cannot install the patches, another solution is to disable the ICMPv6 recursive DNS server option. We can do this through the following PowerShell command, replacing *INTERFACENUMBER* with the number of the interface:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable

If we later want to re-enable it, we again go to PowerShell, but in this case change the command to enable:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable

Ultimately, it is very important to correct this vulnerability to keep the system safe. We already know that keeping equipment up to date is vital.