CVE-2020-16898存在于Windows TCP/IP堆栈中。攻击者可以通过网络连接将恶意的ICMPv6路由器广播数据包发送到未打补丁的系统,从而在目标服务器或客户端上执行任意代码。
该漏洞的影响范围:
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
部分安全漏洞如下:
| 漏洞编号 | 漏洞名称 | 版本 |
| CVE-2020-16919 | Windows企业应用程序管理服务信息泄露漏洞 | 1.0 |
| CVE-2020-16889 | Windows KernelStream信息泄露漏洞 | 1.0 |
| CVE-2020-16896 | Windows远程桌面协议(RDP)信息泄露漏洞 | 1.0 |
| CVE-2020-16897 | NetBT信息泄露漏洞 | 1.0 |
| CVE-2020-16901 | Windows内核信息泄露漏洞 | 1.0 |
| CVE-2020-16904 | Azure功能特权提升漏洞 | 1.0 |
| CVE-2020-16914 | Windows GDI +信息泄露漏洞 | 1.0 |
| CVE-2020-16918 | Base3D远程代码执行漏洞 | 1.0 |
| CVE-2020-16919 | Windows企业应用程序管理服务信息泄露漏洞 | 1.0 |
| CVE-2020-16921 | Windows Text Services框架信息泄露漏洞 | 1.0 |
| CVE-2020-16928 | Microsoft Office权限提升漏洞 | 1.0 |
| CVE-2020-16929 | Microsoft Excel远程代码执行漏洞 | 1.0 |
| CVE-2020-16930 | Microsoft Excel远程代码执行漏洞 | 1.0 |
| CVE-2020-16931 | Microsoft Excel远程代码执行漏洞 | 1.0 |
| CVE-2020-16932 | Microsoft Excel远程代码执行漏洞 | 1.0 |
| CVE-2020-16933 | Microsoft Word安全功能绕过漏洞 | 1.0 |
| CVE-2020-16934 | Microsoft Office权限提升漏洞 | 1.0 |
| CVE-2020-16937 | .NET Framework信息泄露漏洞 | 1.0 |
| CVE-2020-16938 | Windows内核信息泄露漏洞 | 1.0 |
| CVE-2020-16941 | Microsoft SharePoint信息泄露漏洞 | 1.0 |
| CVE-2020-16942 | Microsoft SharePoint信息泄露漏洞 | 1.0 |
| CVE-2020-16947 | Microsoft Outlook远程代码执行漏洞 | 1.0 |
| CVE-2020-16949 | Microsoft Outlook拒绝服务漏洞 | 1.0 |
| CVE-2020-16954 | Microsoft Office远程代码执行漏洞 | 1.0 |
| CVE-2020-16955 | Microsoft Office权限提升漏洞 | 1.0 |
| CVE-2020-16957 | Microsoft Office Access连接引擎远程代码执行漏洞 | 1.0 |
| CVE-2020-16969 | Microsoft Exchange信息泄露漏洞 | 1.0 |
1.微软官方下载相应补丁进行更新。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
2.通过禁用ICMPv6 RDNSS来缓解风险。
可以使用下面的PowerShell命令禁用ICMPv6 RDNSS,以防止攻击者利用此漏洞。此方法仅适用于Windows 1709及更高版本。(注意事项: 进行更改后,无需重新启动。)
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
也可以使用下面的PowerShell命令来禁用上述缓解措施:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
https://securityaffairs.co/wordpress/109457/security/microsoft-october-2020-patch-tuesday.html?
评论已关闭。
豫公网安备 41010502004035号 
