CVE-2020-16898

Name of the Vulnerable Software and Affected Versions: Windows TCP/IP stack (affected versions not specified)

Description: A remote code execution issue exists due to improper handling of ICMPv6 Router Advertisement packets by the Windows TCP/IP stack. This allows an attacker to execute arbitrary code on a target server or client by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.

Recommendations: To resolve the issue, update the Windows TCP/IP stack to the latest version that correctly handles ICMPv6 Router Advertisement packets. As a temporary workaround, consider restricting access to the Windows TCP/IP stack to minimize the risk of exploitation. Avoid using the ICMPv6 Router Advertisement packets in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.