Cybersecurity specialists have disclosed several details about a recently discovered security flaw dubbed the “Bad Neighbor” vulnerability. The expert community recommends that users install the available patches to prevent an attack.
According to the US Cyber Command, users of Microsoft products should install the update that fixes this flaw, tracked as CVE-2020-16898, as soon as possible. The patch was released as part of the company’s Patch Tuesday this week.
CVE-2020-16898 is a remote code execution vulnerability in the Windows TCP/IP stack that can also cause a denial of service (DoS) condition. A remote, unauthenticated attacker can exploit it simply by sending malicious ICMPv6 Router Advertisement packets to a vulnerable Windows machine.
The report mentions that Bad Neighbor affects both client (Windows 10 1709 to 2004) and server (Windows Server 1903 to 2004 & Windows Server 2019) OS versions, making it a critical vulnerability for all modern Windows implementations. The company has already provided Microsoft Active Protections Program (MAPP) members with a proof-of-concept exploit. In addition, Sophos has created its own PoC exploit.
Threat actors could be on their way to developing their own exploit, so users should install the patches immediately.
If you’re temporarily unable to install the patch, Microsoft recommends disabling the ICMPv6 Recursive DNS Server (RDNSS) option on Windows 10 1709 and higher versions using the following PowerShell command (no restart needed), where *INTERFACENUMBER* is the number of the interface to change:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
After installing the ICMPv6 patch, RDNSS can be enabled again using this command:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
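Because the workaround has to be set per interface, the script below (an added example, not part of Microsoft's guidance or the original article) runs the same netsh command against every IPv6 interface and reports the result for each. It assumes an elevated PowerShell prompt and the NetTCPIP module's Get-NetIPInterface cmdlet; the function name Set-RaBasedDnsConfig and the -State parameter are hypothetical names chosen for this example.

```powershell
# Added example: apply (or later revert) the RDNSS workaround on all IPv6 interfaces.
# Usage:  .\Set-Rdnss.ps1 -State disable     (before patching)
#         .\Set-Rdnss.ps1 -State enable      (after the patch is installed)
param(
    [ValidateSet('disable', 'enable')]
    [string]$State = 'disable'
)

function Set-RaBasedDnsConfig {
    param(
        [ValidateSet('disable', 'enable')]
        [string]$State
    )

    # Enumerate IPv6 interfaces; ifIndex is the INTERFACENUMBER netsh expects.
    $interfaces = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object ifIndex

    foreach ($if in $interfaces) {
        # Same command as in the article, with the interface index filled in.
        $output = & netsh int ipv6 set int $if.ifIndex "rabaseddnsconfig=$State" 2>&1

        # Keep netsh's own message so a failure can be reviewed per interface.
        [pscustomobject]@{
            ifIndex = $if.ifIndex
            Alias   = $if.InterfaceAlias
            State   = $State
            Success = ($LASTEXITCODE -eq 0)
            Message = ($output -join ' ').Trim()
        }
    }
}

$results = @(Set-RaBasedDnsConfig -State $State)
$results | Format-Table -AutoSize

# Fail loudly if any interface was left unchanged, so the gap is not missed
# when the script is pushed out through a management tool.
$failed = @($results | Where-Object { -not $_.Success })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} interface(s) were not changed: {1}" -f $failed.Count,
        (($failed | ForEach-Object { $_.Alias }) -join ', '))
    exit 1
}
```

Interfaces added after the script runs (for example a new VPN or virtual adapter) are not covered, so rerun it if the interface list changes before the patch is installed.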
Launched in 2008, MAPP has among its members several world leaders in the information security field.