Endpoint Vulnerability

Microsoft: Windows TCP/IP Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.

Affected Products

Windows 10,Windows Server, version 2004 (Server Core installation),Windows Server, version 1903 (Server Core installation),Windows Server, version 1909 (Server Core installation),Windows Server 2019

References

CVE-2020-16898,