Don’t Be a “Bad Neighbor” – Patch Your Systems Now
Prepared by: Anthony Paladino
On October 13th, 2020, Microsoft released a security advisory for CVE-2020-16898, a vulnerability that researchers have named “Bad Neighbor.” Bad Neighbor is described as a vulnerability in Windows 10, Windows Server 2019, and Windows Server Core where an attacker could exploit the Windows TCP/IP stack of a target system with a specially crafted ICMPv6 Router Advertisement packet, causing a denial of service in the form of a fatal system error, the dreaded Blue Screen of Death. This vulnerability carries a CVSSv3 base score of 9.8, denoting it as a critical vulnerability, and the relative ease of exploit combined with the potential for it to become wormable has garnered particular attention from researchers.
On the same day as the security advisory release, Microsoft also offered a fix in the form of security updates issued as part of October’s Patch Tuesday. System administrators and support teams are encouraged to patch this vulnerability as soon as possible. If patching cannot be done immediately, it is recommended to employ the workaround of disabling the ICMPv6 Recursive DNS Server (RDNSS) until such time as the patch can be applied.
DataBank is deploying appropriate patches to all customers with managed Windows 2019 systems according to their normal maintenance windows. If you are a customer who would like an expedited application of this patch or have concerns about it, please reach out to DataBank Support.
For customers of DataBank’s Managed Internet with IDS/IPS offering, filters have been applied to monitor for potential exploits of this vulnerability, and DataBank Security will continue to monitor the situation.
Those teams supporting Windows 10 endpoints should work to ensure that all Windows 10 clients in their environment receive the appropriate patches as soon as possible.