Another Patch Tuesday has come and gone. This time, Microsoft disclosed another critical Windows bug, and you should patch it now.
CVE-2020-16898 is, in Microsoft's words, a Windows TCP/IP Remote Code Execution Vulnerability. An attacker who sends specially crafted ICMPv6 Router Advertisement packets to a target can crash it across the network, and potentially run code on it, which means one attacker on a network segment could take down a whole fleet of workstations or servers at once.
The proof-of-concept video shows an unpatched Windows 10 machine being crashed at will over the network by a short bug-tripping Python script. Thanks to SophosLabs for sharing it.
The bug lives in TCPIP.SYS, a kernel-mode driver. Because the bug is triggered inside the kernel, tripping it crashes the whole system with a BSOD (Blue Screen of Death) rather than just terminating a single application.
That is why Microsoft gives the bug a CVSS severity score of 9.8 out of 10 and an Exploitability Index of 1, "Exploitation More Likely". In other words, patch it now.
If patching isn't an option yet because you need more time to test, there are two workarounds that reduce the danger in the meantime:
- Disable ICMPv6 RDNSS on each network interface (netsh int ipv6 set int <interface index> rabaseddnsconfig=disable). This is the workaround Microsoft documents for Windows 10 1709 and later; it stops TCPIP.SYS from parsing the Router Advertisement option that triggers the bug while leaving the rest of ICMPv6 intact, or
- Turn off IPv6 on the adapters altogether, if nothing on the host depends on it.
Don't simply block all ICMPv6 at the firewall instead: IPv6 relies on ICMPv6 for Neighbor Discovery and address configuration, so that "fix" breaks IPv6 connectivity rather than just the vulnerable code path. And either workaround only shrinks the attack surface; only the patch removes the bug.
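Here is how the two workarounds above can be applied and verified from an elevated PowerShell prompt. This is an added example, not a script from the original post or from SophosLabs; it assumes the netsh rabaseddnsconfig syntax from Microsoft's advisory for CVE-2020-16898 (available on Windows 10 1709 and later) and the standard NetTCPIP and NetAdapter cmdlets that ship with Windows 10.

```powershell
# Added example (not from the original post): apply and verify the workarounds
# for CVE-2020-16898 on a Windows 10 host. Run from an elevated prompt.
# Assumes the netsh syntax from Microsoft's advisory: rabaseddnsconfig=disable
# exists on Windows 10 1709 and later.
#Requires -RunAsAdministrator

# Skip loopback; netsh has nothing useful to set there.
$ifaces = Get-NetIPInterface -AddressFamily IPv6 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

# Workaround 1 (the one Microsoft documents): stop TCPIP.SYS from parsing the
# RDNSS option in Router Advertisements. ICMPv6 itself stays enabled, so
# Neighbor Discovery and SLAAC keep working.
foreach ($if in $ifaces) {
    netsh interface ipv6 set interface $if.ifIndex rabaseddnsconfig=disable | Out-Null
}

# Verify: each interface should now show "RA Based DNS Config (RFC 6106) : disabled".
foreach ($if in $ifaces) {
    $out = netsh interface ipv6 show interface $if.ifIndex
    [pscustomobject]@{
        ifIndex  = $if.ifIndex
        Alias    = $if.InterfaceAlias
        RdnssOff = ($out -match 'RA Based DNS Config.*disabled').Count -gt 0
    }
}

# Workaround 2 (heavier): unbind IPv6 from every adapter. Only do this when
# nothing on the host depends on IPv6; it removes the whole IPv6 attack
# surface rather than just the vulnerable option parsing. Uncomment to apply.
# Get-NetAdapter | Disable-NetAdapterBinding -ComponentID ms_tcpip6
# Get-NetAdapterBinding -ComponentID ms_tcpip6   # 'Enabled' should read False
```

The RdnssOff column is the check worth keeping in a fleet-wide inventory script: an interface that still reports the option as enabled is one the attacker's Router Advertisements can still reach.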