Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898)

Oct 19, 2020 GMT+08:00


I. Overview

Microsoft has recently released the October 2020 Security Updates, which disclosed that a remote code execution vulnerability (CVE-2020-16898) exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. Officially rated severity: critical.

If you are a Windows user, check your Windows versions and implement timely security hardening.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Windows 10

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

IV. Vulnerability Handling

This vulnerability has been fixed in an officially released patch. If your service version falls into the affected range, install the patch. Use Windows Update or download patches from the following address to fix the vulnerability:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

If installing the patch is not an option, refer to the following workarounds provided on the official website to temporarily avoid risks:

You can disable ICMPv6 RDNSS with the PowerShell command below to prevent attackers from exploiting the vulnerability. Replace INTERFACENUMBER with the index of the network interface to change. No reboot is needed after making the change. This workaround is only available for Windows 1709 and above.

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
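
The command above changes one interface at a time. The following script is an added example, not part of the original notice or of Microsoft's advisory: it applies the same netsh setting to every IPv6 interface and prints the resulting state. The variable names are illustrative, and it assumes an elevated PowerShell prompt on an English-language system.

```powershell
# Added example: apply the rabaseddnsconfig workaround to all IPv6 interfaces.
# Run from an elevated PowerShell prompt on Windows 1709 or later.

# 'disable' applies the workaround. After the patch is installed,
# set this to 'enable' and rerun to restore the default behaviour.
$State = 'disable'

# Get-NetIPInterface reports the interface index (ifIndex) that netsh
# expects in place of INTERFACENUMBER.
$nics = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object ifIndex

$failed = @()
foreach ($nic in $nics) {
    $idx = $nic.ifIndex
    Write-Host "[$idx] $($nic.InterfaceAlias): rabaseddnsconfig=$State"

    netsh int ipv6 set int $idx "rabaseddnsconfig=$State" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Record the failure and keep going so one bad interface
        # does not leave the others unprotected.
        Write-Warning "netsh failed on interface $idx (exit code $LASTEXITCODE)"
        $failed += $idx
        continue
    }

    # Show the setting as netsh now reports it for this interface.
    # The 'RA Based DNS' label is the English-language output text.
    netsh int ipv6 show interface $idx | Select-String 'RA Based DNS'
}

if ($failed.Count -gt 0) {
    Write-Warning "Workaround NOT applied to interface(s): $($failed -join ', ')"
} else {
    Write-Host "rabaseddnsconfig=$State applied to $($nics.Count) interface(s)."
}
```

Interfaces created after the script runs (for example a new VPN or virtual adapter) are not covered, so rerun it after network changes until the patch is installed.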

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.