Blog: October 2020 critical update for your Windows

Author: Vlad
Published on

Patrowl's blog - October 2020 critical update for your Windows

Hello everyone,

Microsoft has published yesterday its security bulletin concerning its operating systems.

This one has in particular that two vulnerabilities are particularly critical:

  • CVE-2020-16898, affecting the ICMPv6 protocol, enabled by default on all systems and rarely disabled
  • CVE-2020-16952, affecting Sharepoint and published (a priori) outside this bulletin.

CVE-2020-16898 / ICMPv6 (named Bad Neighbor)

This is a buffer overflow vulnerability allowing to execute code remotely, without authentication (it's ICMP πŸ˜‰ ) on a target and to take control of it.

It is therefore particularly important to update, or at least block ICMPv6 on the local firewall or network firewalls. In cases I have tested, some firewalls with poor ICMPv6 support let these packets through, rendering them inoperable.

Microsoft's internal RedTeam has a working private PoC so I assume other teams also have working exploit code as the McAfee article is quite detailed and with the patch out, it has already been analyzed to understand its behavior.

Related articles:

CVE-2020-16952 / SharePoint

This is a vulnerability affecting the SharePoint web agreement management software and allowing to take control of a server remotely but after authentication.

It is important to update because an exploit code has been published yesterday:

It should be noted that many other vulnerabilities are also quite critical like :

Patrowl's blog - October 2020 critical update for your Windows

Otherwise, more simply: you apply these updates everywhere in a hurry πŸ˜‰.

Blog: regreSSHion, critical vulnerability on OpenSSH CVE-2024-6387

Blog: CaRE program: healthcare facilities close the cybersecurity gap with Patrowl