事件描述
该漏洞为 Windows 系统 TCP/IP 协议栈处理 ICMPv6 路由广播包时存在的远程代码执行漏洞,通过发送恶意构造的 ICMPv6 路由广播包,成功利用此漏洞可导致远程代码执行或拒绝服务。
漏洞编号
CVE-2020-16898
影响版本
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
安全建议
针对该漏洞,微软已发布相关补丁更新,见如下链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
对于暂时无法进行更新的用户,可以通过以下命令临时禁用系统中的 ICMPv6 RDNSS,以防止攻击者使用此漏洞,需要注意的是该方法仅适用于 Windows 1709 及更新的系统,该方法无需重启系统
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
可通过以下命令撤销之前的禁用命令
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
我i南阳理工