CVE-2020-16898 AKA bad neighbor - Possibly wormable RCE on Windows

Bad Neighbor

Microsoft has released the October 2020 security update, which contains 87 critical vulnerabilities. Microsoft's September update contained 129 common vulnerabilities and disclosures, including a number of critical vulnerabilities as well as a handful of minor vulnerabilities.

The stand-out vulnerability seems to be CVE-2020-16898 - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability".

Vulnerable systems are Microsoft Windows 10 Version 1709 and later and Microsoft Windows Server 2019.

While Outlook itself has been given its fair share of attention this month, this vulnerability takes precedence as it appears to be currently exploited to crash systems however it's strongly believed this can be fully exploited to gain system access and is likely worm’able.

While instant patching is not possible for some systems due to reboot scheduling, Microsoft has provided a PowerShell-based command for the affected operating systems.

-- The Escaped Team --