Patch 'Bad Neighbor' TCP/IP vulnerability CVE-2020-16898 in Windows 10/Server

[English]Administrators and users should promptly install the security updates for Windows 10 and its server counterparts from October 13, 2020. Then the TCP/IP vulnerability CVE-2020-16898 ('Bad Neighbor') will be closed. US-CERT explicitly warns about this vulnerability. 


The vulnerability CVE-2020-16898

The vulnerability CVE-2020-16898 was disclosed by Microsoft in a security advisory on October 13, 2020. It is a remote code execution (RCE) vulnerability in Microsoft's Windows TCP/IP implementation. Microsoft writes about it in the security advisory:

A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.

To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.

Microsoft has now lowered the CVSS rating from 9.8 to 8.8 because the vulnerability is not routable over the Internet, as reported here by colleagues from Bleeping Computer.

US-CERT warns – Exploits available – patch now

Last Friday (October 15, 2020), US-CERT Cyber Command posted a warning on Twitter, that people should patch the CVE-2020-16898 vulnerability. 

US-CERT warning Bad Neighbor-Patch

McAfee published a detailed description of the vulnerability on October 13. A further analysis can be found on the Quarkslab blog. As of October 16, 2020 there was this post about how to use an exploit for the vulnerability (references here and here). So it is time to fix this vulnerability. Microsoft claims that virtually all Windows 10 builds, as well as their Windows Server counterparts, are affected. In the support articles for the October 2020 security updates the vulnerability CVE-2020-16898 or the fix is not explicitly mentioned so far (see also Patchday: Windows 10 updates (October 13, 2020)). Bleeping Computer has published an article with hints to mitigate the bug:


netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable

using the above command – suitable, if a patch can't be installed immediately.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *