US Cyber Command strongly recommends that you install a patch for the Bad Neighbor vulnerability.
The US Cyber Command urged users of Microsoft products to install the update that fixes the critical vulnerability CVE-2020-16898 as soon as possible . The update was released as part of the next "Patch Tuesday" October 13, 2020.
"Update your software from Microsoft now to keep your systems safe from exploitation of vulnerabilities: in particular, CVE-2020-16898 needs to be fixed or mitigated, as vulnerable systems can be compromised remotely," - said a message posted by US Cyber Command on Twitter on Wednesday. October 14.
CVE-2020-16898, dubbed Bad Neighbor, is a Windows TCP / IP remote code execution vulnerability that can also cause denial of service and blue screen of death (BSOD). A remote unauthorized user can exploit the vulnerability by sending malicious ICMPv6 Router Advertisement packets to a vulnerable Windows PC.
Bad Neighbor affects both client (Windows 10 1709 to 2004) and server (Windows Server 1903 to 2004 and Windows Server 2019) versions of the OS, making it a critical vulnerability for all modern Windows environments.
Microsoft has already provided Microsoft Active Protections Program (MAPP) participants with a PoC exploit that can cause BSODs. In addition, Sophos also created its own PoC exploit . Probably, cybercriminals will also develop their own exploits soon, so it is very important to install a patch for Bad Neighbor.
If it is temporarily impossible to install an update, Microsoft recommends disabling the ICMPv6 Recursive DNS Server (RDNSS) option on Windows 10 1709 and higher using the PowerShell command (no restart required): netsh int ipv6 set int * INTERFACENUMBER * rabaseddnsconfig = disable
After the ICMPv6 patch is installed, RDNSS can be re-enabled using the PowerShell command (no restart required): netsh int ipv6 set int * INTERFACENUMBER * rabaseddnsconfig = enable
MAPP is a Microsoft program designed to provide leading developers of information security solutions with the ability to quickly obtain information about identified vulnerabilities in Microsoft software for which security updates have not yet been developed. The MAPP program was launched in 2008, and its members include world leaders in the development of information security solutions.