事件描述

該漏洞為Windows系統(tǒng)TCP/IP協(xié)議棧處理ICMPv6路由廣播包時存在的遠程代碼執(zhí)行漏洞，通過發(fā)送惡意構(gòu)造的ICMPv6路由廣播包，成功利用此漏洞可導致遠程代碼執(zhí)行或拒絕服務。

漏洞編號

CVE-2020-16898

影響版本

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

安全建議

針 對 該 漏 洞 ， 微 軟 已 發(fā) 布 相 關(guān) 補 丁 更 新 ， 見 如 下 鏈 接 :https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

對于暫時無法進行更新的用戶，可以通過以下命令臨時禁用系統(tǒng)中的ICMPv6RDNSS，以防止攻擊者使用此漏洞，需要注意的是該方法僅適用于Windows 1709及更新的系統(tǒng)，該方法無需重啟系統(tǒng)

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable可通過以下命令撤銷之前的禁用命令

netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable