With all the thrill of the iPhone 12 launch yesterday’s October Patch Tuesday went largely unnoticed, however the replace delivered an important repair.
Security weblog DarkReadings studies that the replace mounted 87 vulnerabilities, together with 21 distant code execution flaws.
None of the failings was being exploited within the wild, however 6 had been publicly identified and will subsequently be simply developed.
The most important distant code execution flaw was CVE-2020-16898, which exploited a flaw within the Windows TCP/IP stack when it improperly handles ICMPv6 Router Advertisement packets. As Microsoft writes:
A distant code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who efficiently exploited this vulnerability might achieve the flexibility to execute code on the goal server or shopper.
To exploit this vulnerability, an attacker must ship specifically crafted ICMPv6 Router Advertisement packets to a distant Windows laptop.
Now {that a} patch is obtainable it must be utilized urgently, because the bug has a CVSS rating of 9.eight and has been categorized as “exploitation more likely.”
There can be a denial of service flaw (CVE-2020-16899) within the Windows TCP/IP stack, the place an improperly handles ICMPv6 Router Advertisement packets would let an attacker trigger a goal system to cease responding.
“Both vulnerabilities have been deemed more likely to be exploited,” says Chris Hass, director of data safety and analysis at Automox. “The solely excellent news is that Microsoft’s inner safety group unearthed the vulnerabilities, that means PoC [proof of concept] code doubtless gained’t floor till somebody reverse engineers the patch and discovers the
Source hyperlink
