Service Notices
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898)
Oct 19, 2020 GMT+08:00
I. Overview
Microsoft has recently released the October 2020 Security Updates, which disclosed that a remote code execution vulnerability (CVE-2020-16898) exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. Officially rated severity: critical.
If you are a Windows user, check your Windows version and implement timely security hardening.
References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
Windows 10
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
IV. Vulnerability Handling
This vulnerability has been fixed in an officially released patch. If your service version falls into the affected range, install the patch. Use Windows Update or download patches from the following address to fix the vulnerability:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
If installing the patch is not an option, refer to the following workarounds provided on the official website to temporarily avoid risks:
To prevent attackers from exploiting the vulnerability, you can disable ICMPv6 RDNSS with the PowerShell command below. No reboot is needed after making the change. This workaround is only available for Windows 1709 and above.
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
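The workaround above applied to every IPv6 interface, as an added example that is not part of the original notice: it looks up each interface index (the INTERFACENUMBER value), runs the netsh command, and reads the setting back. The function name Set-RaBasedDnsConfig is hypothetical, and the read-back assumes English-language netsh output.

```powershell
# Added example (not from the vendor advisory). Run in an elevated PowerShell
# session on Windows 1709 or later.
function Set-RaBasedDnsConfig {
    param(
        # 'disable' applies the workaround; 'enable' restores the default
        # once the patch has been installed.
        [ValidateSet('disable', 'enable')]
        [string]$State = 'disable'
    )

    # Each IPv6 interface has its own index; that index is the
    # INTERFACENUMBER value the netsh command expects.
    foreach ($nic in (Get-NetIPInterface -AddressFamily IPv6)) {
        $idx = $nic.InterfaceIndex

        netsh int ipv6 set int $idx "rabaseddnsconfig=$State" | Out-Null
        $applied = ($LASTEXITCODE -eq 0)

        # Read the setting back from the interface parameters.
        # Assumption: the label match relies on English-language netsh output.
        $current = netsh int ipv6 show int $idx |
            Select-String -Pattern 'RA Based DNS Config' |
            ForEach-Object { ($_.Line -split ':', 2)[1].Trim() }

        # One result row per interface so failures are visible.
        [pscustomobject]@{
            InterfaceIndex = $idx
            InterfaceAlias = $nic.InterfaceAlias
            Applied        = $applied
            RaBasedDns     = $current
        }
    }
}

Set-RaBasedDnsConfig -State disable | Format-Table -AutoSize
```

Any row where Applied is False or RaBasedDns still reads enabled identifies an interface that remains exposed and needs to be handled manually.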
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.