A serious vulnerability exists in the Windows TCP/IP network stack [1,2]. It is currently known that this vulnerability can be used to trigger a Denial of Service (DoS) event; however, Microsoft and others are warning that remote code execution may also be possible.
An attacker can exploit this vulnerability by sending a crafted ICMPv6 Router Advertisement to the target system. The vulnerability does not require authentication or user interaction.
- Systems behind the Palo Alto firewalls should be protected by the Vulnerability profiles.
- Windows servers managed by the Windows Team have already been protected using local firewall blocks.
- Systems using BigFix for patch management are being patched automatically, and the patch will be implemented at restart.
- Microsoft Windows 10 Version 1709 and later
- Microsoft Windows Server 2019
- If you can patch the vulnerability, please do so.
- If immediate patching is not an option or is not feasible because of COVID-19 restrictions, see the references below for a workaround.
- Prioritize Internet-facing systems first, then Campus network-facing systems, and finally any systems that are internal or restricted to trusted IP addresses. All vulnerable systems should be patched or have the workaround applied.
- Notify firstname.lastname@example.org if you anticipate any delays.