IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft fixes 'critical' wormable RCE flaw in Windows 10

The latest Patch Tuesday release sees 87 bugs fixed including the CVSS 9.8-rated vulnerability

Person types on laptop in the dark

Microsoft has patched a highly severe vulnerability in the Windows operating system TCP/IP stack, which could have allowed an attacker to execute code on a target server remotely. 

The remote code execution vulnerability, which is wormable, has been fixed as part of a fresh wave of 87 patches as part of the firm’s routine fortnightly Patch Tuesday bug fixes, and is one of 11 critical flaws seen to.

McAfee, which first discovered the wormable vulnerability, has dubbed it ‘bad neighbor’ and branded the proof-of-concept as “both extremely simple and perfectly reliable”. 

Before it was patched, hackers could have exploited the flaw, assigned CVE-2020-16898 and rated 9.8 on the CVSS severity scale, due to the way that the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. This affected users with machines running Windows 10 and Windows Server 2019. 

Doing so would grant the attacker the ability to execute remote code on the targeted client by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine. The update, released yesterday, addresses how the Windows TCP/IP stack handles these packets.

Another notable vulnerability, tagged CVE-2020-16891, is a remote code execution exploit in Windows Hyper-V. This would have allowed an attacker to run a specially crafted programme on an affected guest operating system to execute arbitrary code on the host operating system. 

The full round of fixes applies to bugs found in Windows, Microsoft Office, Azure Functions, Microsoft Exchange Server, Visual Studio, Adobe Flash player, and many other services. Of these 87 bugs, 11 have been deemed critical, while 74 are classed as important, and a further one is categorised as being moderate in severity. There’s no evidence to suggest any of these flaws have been publicly exploited.

Although there are still a handful of serious security threats that Microsoft has addressed, the routine Patch Tuesday round of fixes actually comprises fewer vulnerabilities than businesses have come to expect in recent months. SolarWinds MSP’s head security nerd Gill Langston also claims that this October Patch Tuesday is the first batch that fixes fewer than 100 vulnerabilities

“Don’t be fooled by that, as there are several in this group that do warrant your attention,” he said.

"Pay special attention to the 'Important' ones, as many of them are listed as “Exploitation More Likely” and will be in the priority list. While there are no active attacks according to Microsoft, there is a high likelihood some may appear soon for several of these. While this month’s batch was lighter than usual, there are some real attention getters here.”

Langston has recommended that businesses address the TCP/IP flaw first and foremost, before shifting their attention to getting RDP servers patched, since remote desktop seems to be one of the current most popular attack vectors.

Next, IT admins should focus on patching Hyper-V systems, and then patching workstations, especially those running Outlook, before finally addressing SharePoint servers.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022
What is phishing?
phishing

What is phishing?

29 Apr 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022