Hacken Token
$ -- --.--

CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability

Overview

Yesterday, on October 13, 2020, Microsoft announced a critical vulnerability in the Windows IPv6 stack that allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system. The proof of concept provided to MAPP (Microsoft Active Protection Program) contributors is extremely simple and completely reliable. This vulnerability leads to a BSOD (blue screen of death); exploitation is possible for those who manage to bypass the protections of Windows 10 and Windows Server 2019. This exploit, which allows remote code execution, will be widespread and very significant since this type of error can become vulnerable to worms.

Affected Version:

  • Microsoft Window Server 2019 (1903/1909/2004)
  • Microsoft Windows 10 (1709/1803/1809/1903/1909/2004)

CVSS Score: 9.0/10

Vulnerability Detail:

“A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.

To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.” – McAfee team.

Possible victims

To understand who the potential victims are and their number, you need to look “under the hood.”

According to shodan.io data, we see the number of 53,549 Windows 10 servers and 2,700 Windows Server 2019 servers.

To get a broader picture, we’ve collected data from different sources. If you look at the ZoomEye website, you can see 125,784 potential vulnerable servers.

Mitigation

Fixing a vulnerability is always the first and most effective course of action. When this is not possible in the case of ZeroDay vulnerabilities, the best solution is to disable IPv6 either on the network adapter or at the network perimeter by dropping ipv6 traffic. Also, ICMPv6 router advertisements can be blocked or dropped at the network perimeter. Windows Defender and Windows Firewall cannot block proof of concept at startup. It is currently unknown if this attack will succeed by tunneling ICMPv6 traffic over IPv4 using technologies such as 6to4 or Teredo.

You can disable ICMPv6 RDNSS to prevent attackers from exploiting the vulnerability with the PowerShell command below. This workaround is only available for Windows 1709 and above. 

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable

You can disable the workaround with the PowerShell command below.

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable

Tell us about your project

  • This field is required
  • This field is required
    • whatsapp icon WhatsApp
    • telegram icon Telegram
    • wechat icon WeChat
    • signal icon Signal
  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

800+ projects with $250B protected MarketCap

companies logos

Apply for partnership

  • This field is required
  • This field is required
  • This field is required
  • This field is required
    • Foundation
    • VC
    • Angel investments
    • IDO or IEO platform
    • Protocol
    • Blockchain
    • Legal
    • Insurance
    • Development
    • Marketing
    • Influencer
    • Other
This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

800+ projects with $250B protected MarketCap

companies logos

Get in touch

  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
By submitting this form you agree to the Privacy Policy and information beeing used to contact you
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo
hackenproof logo

The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.

hackenproof logo

The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.

hackenproof logo

The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.