CVE-2020-16898: Windows TCP/IP Remote Code Execution Vulnerability

Overview

Severity: High (CVSS 8.8)
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Category: Remote Code Execution
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-Oct
Released: 2020-10-13
Last Updated: 2020-10-15
EPSS Score: 32.69% (percentile: 96.9%)

Description

A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.

FAQ

Why was the Exploitability Index rating for this vulnerability lowered from “1 - Exploitation More Likely” to “2 - Exploitation Less Likely”?
The presence of exploit mitigations (specifically /GS (Buffer Security Check)) makes it extremely difficult to exploit this issue for code execution.

Why is the CVSS score for this vulnerability being reduced from 9.8 to 8.8?
The CVSS score was lowered because the vulnerability is not routable over the internet, so we changed the AV score to Adjacent.

Detection & Weaponization (1 source)

Maturity: Exploit

  • GitHub PoC: 14 repositories

Affected Products (23)

Security Updates (5)

Acknowledgments

Microsoft Platform Security Assurance & Vulnerability Research

Revision History

  • 2020-10-13: Information published.
  • 2020-10-15: The following changes have been made to further clarify the information for this vulnerability: 1) Added FAQ and Mitigation sections 2) Added Impact of Workaround to the Workaround section 3) Corrected the CVSS score to 8.8 4) Corrected the Exploitability Index from "1 - Exploitation More Likely" to "2 - Exploitation Less Likely". These are informational changes only.