'Bad Neighbor' Security Exploit Is Causing BSOD Hell, Patch Your System Now

BSOD hero
Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system.

The team at Sophos Labs explains that in “tcpip.sys, a logic error in how the driver parses ICMP messages can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option.” The IPv6 router advertisement packet sends too much data and creates a buffer overflow, which corrupts the system memory stack. This corruption sends the whole operating system toppling. Once they understood how that worked, the researchers made a proof-of-concept attack seen in the video below.

As Paul Ducklin states, “a malcontent on your network who could crash any computers at will, servers and laptops alike, could cause plenty of harm just through what’s known as a denial of service attack, especially because recovering from each crash requires a complete reboot.” In theory, the exploit could also be used to do remote code execution and take over a machine, but that would be difficult at best.

If you want to defend against this, you can patch your systems and wait for updates from Microsoft. Aside from that, you can disable IPv6 in Windows if you are not using it or disable the IPv6 IMCP RDNSS feature, which is the source of the issue. If you want to read more about this exploit, you can do so on Microsoft’s CVE page to learn about workarounds and additional information.