NEW

The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
Contact us
Menu iconX icon
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right
Sign In
Contact us

Arrow pointing leftBlog

Detect Bad Neighbor Vulnerability on Windows 10 Systems

Jeff Costlow

October 14, 2020

The Windows 10 vulnerabilities unveiled by Microsoft on October 13th include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Both of these vulnerabilities are in code that processes ICMPv6 Router Advertisement messages, a fundamental part of IPv6.

This is a widespread problem, as evidenced by the fact that through 2020, 80% of all PCs will have migrated to Windows 10, according to Gartner*. Given the fact that Windows 10 device patching is markedly quick, we do not expect to see a NotPetya-scale impact from this bug. But, organizations must immediately patch their systems to avoid impact. Users essentially cannot disable the IPv6 functionality, but can mitigate it with work-arounds if applying the patch is difficult.

This vulnerability would allow a hacker to exploit a remote code execution (RCE) vulnerability to run malware or launch a denial of service (DoS) attack. Because this vulnerability is in the IP stack in the kernel, other security solutions (like EDR, SIEM or IDPS) are unlikely to detect these particular exploits. EDR solutions will only see the attack once the payload is executed and logs in a SIEM are unlikely to detect this vulnerability because messages (ICMP) are rarely logged.

ExtraHop Reveal(x) has a unique ability to see network attacks. By monitoring network data, Reveal(x) will catch threats that other tools miss and enable your team to investigate and respond to threats 84% faster.

Recommendations For Mitigating Bad Neighbor

Any organization using Windows 10 is vulnerable and should deploy the patch immediately to avoid compromise of their Windows 10 systems.

To ensure that our customers remain safe before they have time to deploy the patch, ExtraHop has created and deployed detections for this vulnerability for all customers running 8.0 and higher.

Bad Neighbor Detection

*Gartner, Forecast Analysis: PCs, Ultramobiles and Mobile Phones, Worldwide, 4Q19 Update, Ranjit Atwal, Annette Jump, Roberta Cozza, Tuong Nguyen, Bruno Lakehal, Mikako Kitagawa, Annette Zimmermann, CK Lu, Tracy Tsai, 22 January 2020

Discover more

CybersecuritySecurity AlertsIndustry TrendsRevealXTips and HacksNDR

Explore related articles

Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR

September 16, 2020

The recent Zerologon vulnerability (CVE-2020-1472) could allow attackers to get control of a Windows domain without any user credentials. Learn how it works and how to protect against exploits.

CybersecuritySecurity AlertsIndustry TrendsRevealXTips and HacksNDR
Read articleArrow pointing right

Ripple20: How to Identify Vulnerable Devices

July 24, 2020

The Ripple20 group of vulnerabilities affects hundreds of millions of devices across many industries. Learn how to identify devices using the vulnerable Treck software and detect Ripple20 exploits.

CybersecuritySecurity AlertsIndustry TrendsRevealXTips and HacksNDR
Read articleArrow pointing right

ExtraHop Named a Representative Vendor in the 2020 Gartner Market Guide for NDR

June 17, 2020

Get the top takeaways from the 2020 Gartner Market Guide for Network Detection and Response and see ExtraHop as a Representative Vendor.

CybersecurityIndustry TrendsNTANDR
Read articleArrow pointing right

Experience RevealX NDR for Yourself

Schedule a demo
Contact us