Ping of Death vulnerability makes a return in Windows 10

Posted on Thursday, October 15 2020 @ 12:23 CEST by Thomas De Maesschalck
MSFT logo
Sophos security researchers discovered a new Ping of Death vulnerability in Windows 10. A bug in the Windows' TCP/IP driver allows an attacker to send a specially crafted packet that will crash your PC. Besides causing a Blue Screen of Death (BSOD), the bug may also allow remote code execution, but Sophos thinks such an attack will be hard to pull off.

Interestingly, this is the second time Windows is affected by a Ping of Death vulnerability. A similar vulnerability in the TCP/IP driver got patched in 2013.
The vulnerability in tcpip.sys, a logic error in how the driver parses ICMP messages, can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option. The RDNSS option typically contains a list of the IPv6 addresses of one or more recursive DNS servers.

There is a logic flaw in tcpip.sys that can be exploited by crafting a router advertisement packet containing more data than expected, which results in the driver putting more bytes of data on its memory stack than provided for in the driver’s code, resulting in a buffer overflow. In theory, this could be used for both denial of service and remote code execution attacks. But in practice, achieving remote code execution would be extremely difficult.
The vulnerability was patched via this week's Patch Tuesday updates from Microsoft.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments