October Patch Tuesday with Some Nasty RCE Flaws

October 18, 2020

Just a friendly reminder: October 13th was Microsoft Patch Tuesday. Microsoft released 87 patches, 11 of which were rated critical. The most dangerous is CVE-2020-16898, nicknamed Bad Neighbor. It is a remote code execution flaw in the Windows TCP/IP stack caused by improper handling of ICMPv6 Router Advertisement packets, and it earns a CVSSv3 score of 9.8. Exploiting it requires nothing more than sending malicious ICMPv6 Router Advertisement packets to a vulnerable Windows system. Microsoft also patched CVE-2020-16899, a denial-of-service vulnerability in the same Windows TCP/IP stack. Both vulnerabilities were discovered internally by Microsoft and are rated ‘Exploitation More Likely’ on Microsoft’s Exploitability Index.
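As an added example (not from the show notes, and not Microsoft's code), here is a small Python checker that walks the NDP options of an ICMPv6 Router Advertisement and flags a Recursive DNS Server (RDNSS) option whose length field violates RFC 8106; that option's length field is the one the Bad Neighbor parsing bug mishandles, so a malformed value is what a network sensor would want to alert on. The sample packets are constructed inline, with placeholder addresses and lifetimes.

```python
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_RDNSS = 25       # Recursive DNS Server option (RFC 8106)
RA_HEADER_LEN = 16   # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


def parse_ra_options(pkt: bytes):
    """Yield (type, length_in_8_byte_units, raw_option) for each NDP option in an RA payload."""
    if len(pkt) < RA_HEADER_LEN or pkt[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    off = RA_HEADER_LEN
    while off < len(pkt):
        if len(pkt) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0:  # RFC 4861: a zero length is invalid and the packet must be discarded
            raise ValueError("option length 0")
        size = olen * 8
        if off + size > len(pkt):
            raise ValueError("option runs past end of packet")
        yield otype, olen, pkt[off:off + size]
        off += size


def check_ra(pkt: bytes):
    """Return a list of findings; an empty list means the RA options look well formed."""
    findings = []
    try:
        for otype, olen, _ in parse_ra_options(pkt):
            # RFC 8106: RDNSS length is 1 + 2*N for N addresses, so it must be odd and >= 3
            if otype == OPT_RDNSS and (olen < 3 or olen % 2 == 0):
                findings.append(f"malformed RDNSS option: length {olen} (must be odd and >= 3)")
    except ValueError as err:
        findings.append(f"malformed option layout: {err}")
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed RA header (checksum left zero) followed by the given option bytes."""
    return struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0) + options


def rdnss_option(length_units: int, addresses: bytes) -> bytes:
    """Constructed RDNSS option: type, length, reserved, lifetime, then 16-byte addresses."""
    return struct.pack("!BBHI", OPT_RDNSS, length_units, 0, 3600) + addresses


GOOD_RA = build_ra(rdnss_option(3, bytes(16)))   # one address, length 3: valid
BAD_RA = build_ra(rdnss_option(4, bytes(24)))    # even length 4: violates RFC 8106

if __name__ == "__main__":
    print("good:", check_ra(GOOD_RA))
    print("bad: ", check_ra(BAD_RA))
```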

But nowadays, with more people and businesses opening RDP directly to the outside world, the Windows RDP flaw documented in CVE-2020-16896 may be more concerning to some of our engineers. To exploit this flaw, all an attacker must do is connect to a system running the RDP service and send it a specially crafted packet. You can read more about these flaws through the links in our show notes!

The holidays are coming, and for many businesses that means freezing changes in their environment. So remember to apply these patches as soon as possible, or, in any environment that cannot be changed, apply Defense in Depth with layered controls and extra monitoring!

Ian’s Take

I really hope that many companies are not directly opening up RDP to the outside world without the proper layers of protection in place. I’d strongly suggest they invest in a firewall and a VPN solution that offers end-to-end encryption. On top of that, I would suggest a 2FA system for authentication purposes.

If a company needs to expose company information, there is also the option of accessing the information behind a secure web page. Honestly, there are so many other solutions that have existed for years to stop this kind of behavior.

An exposed computer out on the internet without any protection can be compromised in as little as 5 minutes.
