Detect Bad Neighbor Vulnerability on Windows 10 Systems


October 14, 2020

The Windows 10 vulnerabilities unveiled by Microsoft on October 13th include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Both of these vulnerabilities are in code that processes ICMPv6 Router Advertisement messages, a fundamental part of IPv6.

The exposure is broad: according to Gartner*, 80% of all PCs will have migrated to Windows 10 through 2020. Because Windows 10 devices are patched markedly quickly, we do not expect to see a NotPetya-scale impact from this bug, but organizations must patch their systems immediately to avoid impact. Users essentially cannot disable the IPv6 functionality, but where applying the patch is difficult, work-arounds can mitigate the vulnerability.

Exploiting these vulnerabilities would allow an attacker to execute code remotely (RCE), for example to run malware, or to launch a denial of service (DoS) attack. Because the flaw is in the IP stack in the kernel, other security solutions (like EDR, SIEM or IDPS) are unlikely to detect these particular exploits. EDR solutions will only see the attack once the payload is executed, and logs in a SIEM are unlikely to reveal it because ICMP messages are rarely logged.

ExtraHop Reveal(x) has a unique ability to see network attacks. By monitoring network data, Reveal(x) will catch threats that other tools miss and enable your team to investigate and respond to threats 84% faster.

Recommendations For Mitigating Bad Neighbor

Any organization using Windows 10 is vulnerable and should deploy the patch immediately to avoid compromise of their Windows 10 systems.

To ensure that our customers remain safe before they have time to deploy the patch, ExtraHop has created and deployed detections for this vulnerability for all customers running 8.0 and higher.
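One check a network sensor can apply to Router Advertisements, shown here as an added example that is not ExtraHop's detection logic and not code from the original post. It assumes the publicly documented condition for CVE-2020-16898, an RDNSS option (type 25) whose length field is even, which RFC 8106 forbids (the length must be odd and at least 3); the function names and sample packets are constructed for illustration.

```python
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type for Router Advertisement (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 8106)

def ra_option_findings(icmpv6: bytes) -> list[str]:
    """Return findings for one ICMPv6 message (the bytes after the IPv6 header)."""
    if len(icmpv6) < 16 or icmpv6[0] != ND_ROUTER_ADVERT:
        return []                      # not a Router Advertisement
    findings, off = [], 16             # the RA fixed part is 16 bytes; options follow
    while off < len(icmpv6):
        if off + 2 > len(icmpv6):
            findings.append("truncated option header")
            break
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]   # length is in 8-byte units
        if opt_len == 0:
            findings.append(f"option {opt_type}: zero length")
            break                      # RFC 4861 says discard; the walk cannot advance
        if off + opt_len * 8 > len(icmpv6):
            findings.append(f"option {opt_type}: length overruns packet")
            break
        # RFC 8106: 8 header bytes plus 16 per address, so the length is odd and >= 3.
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS option: invalid length {opt_len}")
        off += opt_len * 8
    return findings

def build_ra(rdnss_len_field: int, body_units: int) -> bytes:
    """Constructed sample: an RA carrying one RDNSS option (checksum left at zero)."""
    ra = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    opt = struct.pack("!BBHI", OPT_RDNSS, rdnss_len_field, 0, 600)
    opt += bytes(body_units * 8 - len(opt))   # zero-filled address area
    return ra + opt
```
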

Bad Neighbor Detection

*Gartner, Forecast Analysis: PCs, Ultramobiles and Mobile Phones, Worldwide, 4Q19 Update, Ranjit Atwal, Annette Jump, Roberta Cozza, Tuong Nguyen, Bruno Lakehal, Mikako Kitagawa, Annette Zimmermann, CK Lu, Tracy Tsai, 22 January 2020

Jeff Costlow

Jeff Costlow is the CISO at ExtraHop. He started his career in computer security in 1997. Jeff has deep experience with networking protocols, a passion for secure software development and many years of software engineering under his belt.

In his spare time, Jeff enjoys building and sailing small boats, making beer or cider, mentoring for FIRST robotics, and raising Pacific Northwest mason bees.
