Sophos security researchers discovered a new Ping of Death vulnerability in Windows 10. A bug in the Windows TCP/IP driver allows an attacker to send a specially crafted packet that will crash your PC. Besides causing a Blue Screen of Death (BSOD), the bug may also allow remote code execution, but Sophos thinks such an attack will be hard to pull off.
Interestingly, this is the second time Windows has been affected by a Ping of Death vulnerability. A similar vulnerability in the TCP/IP driver was patched in 2013.
The vulnerability in tcpip.sys, a logic error in how the driver parses ICMP messages, can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option. The RDNSS option typically contains a list of the IPv6 addresses of one or more recursive DNS servers.
The logic flaw in tcpip.sys can be exploited with a router advertisement packet that contains more data than expected. The driver then puts more bytes of data on its memory stack than its code provides for, which results in a buffer overflow. In theory, this could be used for both denial of service and remote code execution attacks. But in practice, achieving remote code execution would be extremely difficult.
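As an added illustration (not code from Sophos or Microsoft), here is a monitoring-side check that walks the options of a captured ICMPv6 router advertisement and flags RDNSS options whose length field does not fit the format defined in RFC 8106. The function names and sample bytes are constructed for this example, and the check tests format conformance only; it is not a statement of the exact condition that triggers the bug.

```python
import struct
from ipaddress import IPv6Address

ICMPV6_ROUTER_ADVERT = 134  # RFC 4861
OPT_RDNSS = 25              # RFC 8106
RA_HEADER_LEN = 16          # fixed RA fields that precede the options

def check_router_advert(icmp6: bytes) -> list:
    """Return findings for one ICMPv6 message; an empty list means well-formed."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != ICMPV6_ROUTER_ADVERT:
        return ["not a router advertisement"]
    findings, off = [], RA_HEADER_LEN
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            findings.append(f"offset {off}: truncated option header")
            break
        opt_type, units = icmp6[off], icmp6[off + 1]  # length is in 8-octet units
        if units == 0:
            findings.append(f"offset {off}: option length 0 (RFC 4861 says discard)")
            break
        if off + units * 8 > len(icmp6):
            findings.append(f"offset {off}: option type {opt_type} overruns the packet")
            break
        # RDNSS = 8-byte header + 16 bytes per address, so length must be 3, 5, 7, ...
        if opt_type == OPT_RDNSS and (units < 3 or units % 2 == 0):
            findings.append(f"offset {off}: RDNSS length {units} violates RFC 8106")
        off += units * 8
    return findings

def build_ra(*options: bytes) -> bytes:
    """Constructed sample RA; checksum is left 0 because only layout is checked."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    return header + b"".join(options)

def rdnss_option(units: int, body: bytes) -> bytes:
    """Constructed RDNSS option: type, length, reserved, lifetime, then body."""
    return struct.pack("!BBHI", OPT_RDNSS, units, 0, 600) + body

DNS = IPv6Address("2001:db8::53").packed  # documentation-prefix address

if __name__ == "__main__":
    samples = {
        "well-formed": build_ra(rdnss_option(3, DNS)),
        "inconsistent length": build_ra(rdnss_option(4, DNS + bytes(8))),
    }
    for name, pkt in samples.items():
        print(name, check_router_advert(pkt) or "ok")
```

The input is the ICMPv6 message starting at its type byte, so a capture tool has to strip the IPv6 header (and reassemble fragments) before calling the check.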
The vulnerability was patched via this week's Patch Tuesday updates from Microsoft.