Skip to comments.It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine (Patch Tuesday alert)
Posted on 10/13/2020 6:41:18 PM PDT by dayglored
Redmond urges folks to apply update ASAP plus more fixes for Outlook and software from Adobe, Intel, SAP, Red Hat
Patch Tuesday Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
Nadella's security crew has identified 22 remote code execution (RCE) CVEs though the most worrisome looks like CVE-2020-16898, Windows TCP/IP RCE, which is rated 9.8 out 10 in severity. It affects Windows desktop and server systems.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets. Thus someone could send a vulnerable machine a maliciously crafted IPv6 packet over the network to inject and execute code on the box, and ultimately hijack it presumably with kernel-level privileges. Here's the worrying blurb from Redmond:
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.
The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.
Microsoft said exploitation is likely, and a workaround is available for Windows build 1709 and above. You're urged to patch this ASAP, though.
"Since the code execution occurs in the TCP/IP stack, it is assumed the attacker could execute arbitrary code with elevated privileges," said Zero Day Initiative's Dustin Childs in a summary of today's patches.
"If youre running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible."
CVE-2020-16947, a Microsoft Outlook RCE, also looks like it could pose problems. Rated with a CVSS score of 8.1/10, this memory handling flaw could allow an attacker to send a user with admin rights a specially crafted file and take over the system, if the preview pane is open.
"The specific flaw exists within the parsing of HTML content in an email," explained Childs. "The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer."
A total of 11 flaws are designated critical, 75 rate moderate, and one is merely important. Six of them have already been publicly disclosed.
Affected applications include:
The 88th entry on Microsoft's list is an advisory for Adobe Flash Player for Windows, which along with the versions for macOS, Linux and Chrome OS, contains a critical arbitrary code execution flaw (CVE-2020-9746).
Exploitation of the vulnerability "requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL," according to Adobe.
Users should install Adobe Flash Player 18.104.22.1685 on the applicable operating system and enjoy whatever time they have left with the app Adobe plans to stop distributing Flash Player on December 31, 2020.
Enterprise software vendor SAP also delivered parcel of patches 15 plus six additional patches to previous patches.
The most serious of these is an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager), Versions - WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7. The bug rates 10 out of 10 in severity.
Intel released one security advisory covering three vulnerabilities in the BlueZ open-source Bluetooth stack. These high severity flaws could lead to privilege escalation and information disclosure. The fixes involve a Linux kernel update.
Red Hat meanwhile issued a security advisory for the Chromium browser in various Red Hat Enterprise Linux 6 packages. It addresses 35 fixes delivered by Google last week.
On the bright side, 87 CVEs is significantly less than the 129 Microsoft addressed in September. ®
Microsoft has gone to shit when it decided Americans were worthless scum and brought in Indian and Communist Chinese H1Bs scabs to replace the fired Americans.
“network packet can pwn”
Did the headline writer misspell “pawn”?
Nah. “pwn” is gamer thing, I think. ‘You’ve been owned’
Wish I could understand what youre saying.
I got hit with something on a MS update that has Locked my windows up
Wheres the fix
Would this only affect dual-homed servers that are configured as IPv6 routers?
The way I read it, if affects all Windows clients (Windows10) and servers (Windows Server 20xx). They all come up with IPv6 enabled and preferred. You have to go out of your way to disable IPv6.
Works for me.
Ah, so it’s the “boom” or “bombshell” equivalent of blogger headlines written by folks with five-year-old mentalities.
“The specific flaw exists within the parsing of HTML content in an email,”
So I’m not affected if html is turned off in my webmail ? Even if using admin level?
I like to delay updates a week in case problems show up in updates.
I was off a bit. Though I always heard it game related when you got stomped in whatever online game you were playing.
That depends on what the problem is caused by, which will be hard to diagnose if it won't run.
So an appropriate question in return is: Where's your backup?
I don't mean that to sound snarky, just trying to be helpful. If you can get it running, try to roll back to a "Restore Point". If you can't get it running, restore the machine from a backup.
Personally, I do a full backup of my Windows machines just prior to applying Windows Updates. That way if I have to restore, I haven't lost much work.
Actually, you were right, it's just that the gaming usage is a smaller part of the larger network context.
1709? Gotta patch ‘em more than once every couple of years...
Yes. The winner got so excited trying to ram the bayonet of defeat down the enemy's throat that he or she hit the "p" instead of the "o".
And thus history was made...
I’m so glad I run Ubuntu ... Microsoft OS’ just aren’t worth the risk of running.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.