CVE-2020-16898 | Windows TCP/IP远程代码执行漏洞通告

0x01 漏洞详情

 

image.png

 

CVE-2020-16898存在于Windows TCP/IP堆栈中。攻击者可以通过网络连接将恶意的ICMPv6路由器广播数据包发送到未打补丁的系统,从而在目标服务器或客户端上执行任意代码。

该漏洞的影响范围:

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

 

部分安全漏洞如下:

 

漏洞编号 漏洞名称 版本
CVE-2020-16919 Windows企业应用程序管理服务信息泄露漏洞 1.0
CVE-2020-16889 Windows   KernelStream信息泄露漏洞 1.0
CVE-2020-16896 Windows远程桌面协议(RDP)信息泄露漏洞 1.0
CVE-2020-16897 NetBT信息泄露漏洞 1.0
CVE-2020-16901 Windows内核信息泄露漏洞 1.0
CVE-2020-16904 Azure功能特权提升漏洞 1.0
CVE-2020-16914 Windows   GDI +信息泄露漏洞 1.0
CVE-2020-16918 Base3D远程代码执行漏洞 1.0
CVE-2020-16919 Windows企业应用程序管理服务信息泄露漏洞 1.0
CVE-2020-16921 Windows   Text Services框架信息泄露漏洞 1.0
CVE-2020-16928 Microsoft   Office权限提升漏洞 1.0
CVE-2020-16929 Microsoft   Excel远程代码执行漏洞 1.0
CVE-2020-16930 Microsoft   Excel远程代码执行漏洞 1.0
CVE-2020-16931 Microsoft   Excel远程代码执行漏洞 1.0
CVE-2020-16932 Microsoft   Excel远程代码执行漏洞 1.0
CVE-2020-16933 Microsoft   Word安全功能绕过漏洞 1.0
CVE-2020-16934 Microsoft   Office权限提升漏洞 1.0
CVE-2020-16937 .NET   Framework信息泄露漏洞 1.0
CVE-2020-16938 Windows内核信息泄露漏洞 1.0
CVE-2020-16941 Microsoft   SharePoint信息泄露漏洞 1.0
CVE-2020-16942 Microsoft   SharePoint信息泄露漏洞 1.0
CVE-2020-16947 Microsoft   Outlook远程代码执行漏洞 1.0
CVE-2020-16949 Microsoft   Outlook拒绝服务漏洞 1.0
CVE-2020-16954 Microsoft   Office远程代码执行漏洞 1.0
CVE-2020-16955 Microsoft   Office权限提升漏洞 1.0
CVE-2020-16957 Microsoft   Office Access连接引擎远程代码执行漏洞 1.0
CVE-2020-16969 Microsoft   Exchange信息泄露漏洞 1.0

 

 

0x02 处置建议

1.微软官方下载相应补丁进行更新。

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

2.通过禁用ICMPv6 RDNSS来缓解风险。

可以使用下面的PowerShell命令禁用ICMPv6 RDNSS,以防止攻击者利用此漏洞。此方法仅适用于Windows 1709及更高版本。(注意事项: 进行更改后,无需重新启动。)

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable

也可以使用下面的PowerShell命令来禁用上述缓解措施:

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable

 

0x03 参考链接

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

https://securityaffairs.co/wordpress/109457/security/microsoft-october-2020-patch-tuesday.html?

发表评论

评论已关闭。

相关文章