情資內容

(發布日期為2020年10月15日，於2020年10月19日更新概念性驗證程式連結) 一、漏洞說明[1] Windows TCP/IP協定的堆疊不當處理 ICMPv6 路由器宣告封包時，即存在遠端執行程式碼漏洞。成功利用此漏洞的攻擊者可能會取得在目標伺服器或用戶端上執行程式碼的能力。 為了利用此漏洞，攻擊者必須將特製的ICMPv6路由器宣告封包傳送到遠端 Windows電腦。 二、已揭露概念性驗證程式說明[2][3] 資安廠商Sophos已揭露概念性驗證程式，可針對此一漏洞進行攻擊。 三、影響平台:[1] Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) 四、CVSS向量: CVE-2020-16898[1] 使用版本：CVSS 3.0 分析分數：9.8 影響等級:3 參考來源 :Microsoft 五、建議措施: 1.Microsoft 已推出解決此漏洞的更新，並強烈建議執行更新[1] 2.如無法立刻更新，可採行緩解措施[1] 管理者停用ICMPv6 RDNSS功能，方式為於powershell下執行 netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable 如需恢復，於powershell下執行 netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable 參考連結： 1.Microsoft https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898 2. Sophos https://nakedsecurity.sophos.com/2020/10/14/windows-ping-of-death-bug-revealed-patch-now/amp/ 3. International Institute of Cyber Security https://www.iicybersecurity.com/poc-exploit-for-critical-vulnerability-cve-2020-16898-in-windows-10-released.html 建議措施： 參考資料： 影響平台：