Media

Another bad day for Microsoft Security

 

For those working in Microsoft's Window Security department the past months must've been quite intense. Starting on the Zerologon vulnerability disclosed back in August which was still heavily exploited in the past weeks, to yet another huge vulnerability being disclosed in the past day.

 

 

 

  • On 13th of October 2020 a vulnerability was disclosed to the public by Microsoft under CVE-2020-16898 affecting Windows 10 & Windows Server 2019 operating systems
  • On the day of disclosure a patch to the vulnerability was pushed out as part of this month's Patch Tuesday
  • Security experts explain that the vulnerability can be exploited relatively easily to perform a Denial of Service causing Blue Screen of Death and in the extreme can be used to perform Remote Code Execution
  • Microsoft and other entities such as U.S Cyber Command are heavily incentivising users to patch their systems
  • The vulnerability lies within the TCP/IP stack and is exploitable by sending maliciously crafted ICMPv6 Router Advertisement packages
  • Microsoft advises for those who can't apply the patch immediately that there is a workaround to disable the ICMPv6 Recursive DNS Server from PowerShell which doesn't require reboot

 

Related Reading

  • Zerologon vulnerability exploitation on the rise
  • Firefox bug allows hijacking mobile browsers
  • Zerologon Vulnerability
  • Tronlink Wallet uses weak encryption
  • Surfing the net a bit more securely
  • Privacy beyond VPN - Browser Isolation

 

 

Ongoing crypto free earn campaigns:
  • Coinbase Earn $50 of XLM
  • Coinbase Earn $50 of EOS

 

Ongoing crypto non-free earn campaigns:
  • Crypto.com $50 of CRO once 1000 CRO staked
The text on this page is based on the original post and does not claim the copyright of the owner in any way. Everything written here is a free interpretation of the original post.
Votes: 
Share Content: 
 
X