
tarekma7 Update Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
Quote:

A vulnerability in Windows’ TCP/IP driver handling of IPv6 allows denial of service—and possibly remote code execution.

Microsoft is releasing a substantial number of security fixes again in October’s Patch Tuesday release—with 11 rated “Critical” by Microsoft (including the latest Adobe Flash security update). But two vulnerabilities among those being patched stand out above these others: CVE-2020-16898 and CVE-2020-16899. These vulnerabilities—caused by a bug in Windows’ TCP/IP driver—harken back to the “Ping of Death” vulnerability fixed in Windows in 2013. They make denial of service and potential remote code execution possible with a crafted packet.

The vulnerability in tcpip.sys, a logic error in how the driver parses ICMP messages, can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option. The RDNSS option typically contains a list of the IPv6 addresses of one or more recursive DNS servers.

There is a logic flaw in tcpip.sys that can be exploited by crafting a router advertisement packet containing more data than expected, which results in the driver putting more bytes of data on its memory stack than provided for in the driver’s code, resulting in a buffer overflow. In theory, this could be used for both denial of service and remote code execution attacks. But in practice, achieving remote code execution would be extremely difficult.

SophosLabs developed its own proof-of-concept for an attack, based on information provided by Microsoft. It leverages the vulnerability to cause a “blue screen of death” on the targeted computer. The details of the POC are being withheld to prevent exploitation by attackers.

Once we understood the bug, developing a “Blue Screen of Death” proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible—remote code execution (RCE)—is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons.

Continue reading HERE
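
As an added example (not part of the quoted article, and unrelated to the withheld SophosLabs proof-of-concept): a monitoring-side check that walks the options of a captured ICMPv6 Router Advertisement and flags RDNSS options whose Length field does not fit the RFC 8106 layout. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option type (RFC 8106)

def check_ra(icmp6: bytes) -> list[str]:
    """Return findings for one ICMPv6 Router Advertisement message."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        return ["not a router advertisement"]
    findings, off = [], 16            # options follow the 16-byte RA header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            findings.append(f"truncated option header at offset {off}")
            break
        opt_type, units = icmp6[off], icmp6[off + 1]
        size = units * 8              # Length field counts 8-octet units
        if units == 0:
            findings.append(f"option at offset {off} has zero length")
            break
        if off + size > len(icmp6):
            findings.append(f"option type {opt_type} overruns the packet")
            break
        if opt_type == OPT_RDNSS and (units < 3 or units % 2 == 0):
            # 8-byte option header + n * 16-byte addresses: Length is odd, >= 3
            findings.append(f"RDNSS option length {units} is not valid per RFC 8106")
        off += size
    return findings

def rdnss(units: int, addrs: list[str]) -> bytes:
    """Build a constructed RDNSS option with an explicit Length field."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    raw = struct.pack("!BBHI", OPT_RDNSS, units, 0, 600) + body
    return raw.ljust(units * 8, b"\x00")

# Constructed samples: RA header (type, code, checksum, hop limit, flags,
# router lifetime, reachable time, retrans timer) plus one RDNSS option.
RA_HEADER = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
CONFORMING = RA_HEADER + rdnss(3, ["2001:db8::53"])
NONCONFORMING = RA_HEADER + rdnss(4, ["2001:db8::53"])

if __name__ == "__main__":
    for name, pkt in (("conforming", CONFORMING), ("nonconforming", NONCONFORMING)):
        print(name, check_ra(pkt) or "ok")
```

The same length test can be expressed as an IDS rule on ICMPv6 type 134 traffic; applying the October 2020 patches remains the fix.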
