As it does every month, Microsoft is releasing a new update for its Windows 10 operating system. The October 2020 patch is already available. It fixes no fewer than 87 security flaws, including one that Microsoft researchers consider particularly dangerous. Located in the implementation of the ICMP protocol, it notably made it possible to cause a “blue screen of death”.
After a rather substantial July 2020 Patch Tuesday, which corrected 120 security flaws, Microsoft is now working on the 87 vulnerabilities detected on Windows 10 in October 2020. The American giant has just published its Patch Tuesday update for a wide range of Microsoft products.
Among these flaws, one particularly worried the IT security experts of the Redmond firm. Tracked as CVE-2020-16898, this vulnerability was discovered in the implementation of the ICMP protocol in the Windows 10 kernel. According to Microsoft researchers, this bug could allow attackers to take control of Windows systems.
From blue screen to arbitrary code execution
How? Simply by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer. Once on the PC, this time bomb causes a blue screen of death at best, and at worst would execute arbitrary code on your machine. A skilled hacker could then easily take control of the PC.
However, according to Microsoft experts, exploitation would prove particularly difficult because of the many security mechanisms the OS uses to prevent this kind of scenario. This flaw was exploitable on Windows 10 and Windows Server 2019, and its severity score still reached 9.8 out of 10, which says a lot about how dangerous it is.
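As a defensive illustration of the packet type described above (an added example, not code from Microsoft or from the original article), the Python check below walks the options of an ICMPv6 Router Advertisement and reports structural violations of RFC 4861 and RFC 8106, the kind of malformed input a network sensor can flag. The function name and the sample packet are constructed for this example.

```python
import struct

ICMPV6_ROUTER_ADVERT = 134  # RFC 4861 message type
OPT_RDNSS = 25              # RFC 8106 Recursive DNS Server option
RA_HEADER_LEN = 16          # fixed RA fields that precede the options

def check_router_advertisement(icmp6: bytes) -> list[str]:
    """Return structural findings for an ICMPv6 message (bytes from the type field on)."""
    if not icmp6 or icmp6[0] != ICMPV6_ROUTER_ADVERT:
        return []  # not a Router Advertisement, nothing to check
    if len(icmp6) < RA_HEADER_LEN:
        return ["truncated Router Advertisement header"]
    findings = []
    offset = RA_HEADER_LEN
    while offset < len(icmp6):
        if len(icmp6) - offset < 2:
            findings.append(f"truncated option header at offset {offset}")
            break
        opt_type, opt_len = icmp6[offset], icmp6[offset + 1]  # length is in 8-byte units
        if opt_len == 0:
            findings.append(f"option type {opt_type} has zero length")
            break  # RFC 4861: such a packet must be discarded; parsing cannot advance
        # RFC 8106: RDNSS is 8 bytes of header plus 16 bytes per address,
        # so a valid Length is odd and at least 3.
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS option length {opt_len} violates RFC 8106")
        if offset + opt_len * 8 > len(icmp6):
            findings.append(f"option type {opt_type} overruns packet")
            break
        offset += opt_len * 8
    return findings

# Constructed sample: a well-formed RA carrying one RDNSS option for 2001:db8::1.
# The checksum is left at 0 because this check does not validate it.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    + struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600)
    + bytes.fromhex("20010db8" + "00" * 11 + "01")
)

if __name__ == "__main__":
    print(check_router_advertisement(SAMPLE_RA) or "no structural findings")
```

In practice the input would come from a packet capture or sensor feed, and a finding on a local segment is a reason to look at the host that sent the advertisement.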
There is no need to reiterate how important it is to install these updates. And yet at the beginning of October, the firm AdDuplex published a statistical study showing that 30% of users have not updated their PC for more than a year. Indeed, it turns out that 25% of users are still on the May 2019 update, while others are still on the October 2018 version or the April 2018 version.