CVE-2020-16898: “Bad Neighbor” RCE vulnerability in the Windows TCP/IP ICMPv6

On October 13, Microsoft announced an exceptionally critical vulnerability in the Windows IPv6 stack, which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system. The proof-of-concept shared with MAPP members is both extremely simple and perfectly reliable. It results in an immediate BSOD (Blue Screen of Death), but moreso, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations. The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this is the type of bug that could be made wormable. For ease of reference, we named the vulnerability “Bad Neighbor” because it is located within an ICMPv6 Neighbor Discovery “Protocol”, using the Router Advertisement type.

Thanks, I’m patching right now. This must have been released around lunch time today (Eastern time), I didn’t have any updates this morning, then read this and went looking again. Hoping this is in the 2020-10 cumulative patch.