Update Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
Quote:

A vulnerability in Windows’ TCP/IP driver handling of IPv6 allows denial of service—and possibly remote code execution.

Microsoft is releasing a substantial number of security fixes again in October’s Patch Tuesday release—with 11 rated “Critical” by Microsoft (including the latest Adobe Flash security update). But two vulnerabilities among those being patched stand out above these others: CVE-2020-16898 and CVE-2020-16899. These vulnerabilities—caused by a bug in Windows’ TCP/IP driver—harken back to the “Ping of Death” vulnerability fixed in Windows in 2013. They make denial of service and potential remote code execution possible with a crafted packet.

The vulnerability in tcpip.sys, a logic error in how the driver parses ICMP messages, can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option. The RDNSS option typically contains a list of the IPv6 addresses of one or more recursive DNS servers.


There is a logic flaw in tcpip.sys that can be exploited by crafting a router advertisement packet containing more data than expected, which results in the driver putting more bytes of data on its memory stack than provided for in the driver’s code, resulting in a buffer overflow. In theory, this could be used for both denial of service and remote code execution attacks. But in practice, achieving remote code execution would be extremely difficult.

SophosLabs developed its own proof-of-concept for an attack, based on information provided by Microsoft. It leverages the vulnerability to cause a “blue screen of death” on the targeted computer. The details of the POC are being withheld to prevent exploitation by attackers.

Once we understood the bug, developing a “Blue Screen of Death” proof-of-concept was fairly straightforward. But taking it to the level that Microsoft has warned is possible—remote code execution (RCE)—is not. Modern defensive coding standards and practices would slow down an effort to build a reliable generic RCE exploit, for two reasons.

Continue reading HERE
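As an added example (not code from the Sophos article or from the original post), the following is a small consistency check for the RDNSS option that the quoted article describes: RFC 8106 defines the option as one 8-octet unit of header and lifetime plus two units per IPv6 address, so a well-formed option always has an odd length of at least 3, and an inspector can flag router advertisements whose RDNSS length field does not fit that layout. It works on the ICMPv6 payload only (no IPv6 header or checksum handling), and every packet it processes is constructed inline.

```python
import struct
from typing import List, Optional, Tuple

ICMPV6_ROUTER_ADVERTISEMENT = 134  # RFC 4861
ND_OPT_RDNSS = 25                  # RFC 8106 Recursive DNS Server option

def parse_ra_options(icmpv6: bytes) -> List[Tuple[int, int, bytes]]:
    """Split the option TLVs that follow the 16-byte RA header into
    (type, length in 8-octet units, raw option bytes) tuples."""
    if len(icmpv6) < 16 or icmpv6[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    opts, off = [], 16
    while off < len(icmpv6):
        if len(icmpv6) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = icmpv6[off], icmpv6[off + 1]
        if olen == 0:
            raise ValueError("option length 0 is invalid (RFC 4861)")
        size = olen * 8
        if off + size > len(icmpv6):
            raise ValueError("option length runs past end of packet")
        opts.append((otype, olen, icmpv6[off:off + size]))
        off += size
    return opts

def check_rdnss(icmpv6: bytes) -> List[str]:
    """Return one finding per RDNSS option whose length field violates
    RFC 8106 (header/lifetime unit plus two units per address: odd, >= 3)."""
    findings = []
    for otype, olen, _raw in parse_ra_options(icmpv6):
        if otype == ND_OPT_RDNSS and (olen < 3 or olen % 2 == 0):
            findings.append(f"RDNSS option length {olen} is malformed (must be odd and >= 3)")
    return findings

# --- constructed sample packets used to exercise the checks above ---
def build_ra(options: bytes) -> bytes:
    # RA header: type 134, code 0, checksum 0 (not verified here), hop limit 64,
    # flags 0, router lifetime 1800 s, reachable time 0, retrans timer 0
    return struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0) + options

def rdnss_option(addrs: List[bytes], declared_len: Optional[int] = None) -> bytes:
    """Build an RDNSS option; declared_len overrides the correct length so a
    test fixture can carry a length field inconsistent with its address list."""
    olen = declared_len if declared_len is not None else 1 + 2 * len(addrs)
    body = struct.pack("!HI", 0, 3600) + b"".join(addrs)    # reserved, lifetime, addresses
    body = body.ljust(olen * 8 - 2, b"\0")[: olen * 8 - 2]  # pad/cut to the declared length
    return bytes([ND_OPT_RDNSS, olen]) + body

DNS1 = bytes.fromhex("20010db8000000000000000000000053")  # constructed, documentation prefix
DNS2 = bytes.fromhex("20010db8000000000000000000000054")
GOOD_RA = build_ra(rdnss_option([DNS1, DNS2]))                 # length 5: well-formed
BAD_RA = build_ra(rdnss_option([DNS1, DNS2], declared_len=4))  # even length: inconsistent
```

A real inspector would run `check_rdnss` on the ICMPv6 payload of each inbound RA after validating the IPv6 header and checksum; Microsoft's published workaround of disabling RDNSS processing on the host is the complementary mitigation until the patch is applied.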