Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say.
Patch early, patch often.
After all, why risk letting the crooks sneak in front of you when you could take a resolute stride ahead of them?
Well, this month, the Offensive Security team at SophosLabs (that’s offensive as in the opposite of defensive, by the way, not as in the opposite of polite; and it’s the security that’s offensive anyway, not the team) has come up with some even more compelling “patch now” advice.
It’s in the form of a short video, and it shows an unpatched Windows 10 computer being crashed at will across the network by a simple bug-tripping Python script:
If the person running the script can aim a specially crafted IPv6 network packet at your computer – specifically, a booby-trapped ICMP packet – then they can bring you down without warning.
You see a Blue Screen of Death (BSoD), and any work you hadn’t saved is lost, probably forever.
ICMP is short for Internet Control Message Protocol, and it’s a low-level type of network packet that’s much simpler than setting up a regular TCP connection, and even simpler than UDP. The best known sort of ICMP message is probably a ping packet, generated by the
ping utility that exists on almost every operating system. You ping a computer by its IP address and if it gets the packet, it sends a reply – a pong packet, if you like. Pinging checks whether you can communicate with another device at all, as a basic but useful starting point for network diagnostics. Loosely speaking, if someone can ping your unpatched Windows 10 or Windows Server 2019 computer from theirs, they can probably crash you with this bug.
We’re not going to go into any detail here – and even in the SophosLabs report our experts have avoided giving away enough for you start exploiting this vulnerability at will – but what you need to know is that this bug is denoted CVE-2020-16898.
The bug was discovered in a Windows component called
TCPIP.SYS, and as the filename suggests, this isn’t just any old program.
TCPIP.SYS is a kernel driver, meaning that if you trigger this bug, you are exploiting a vulnerability inside the kernel itself, which is the very core of any running Windows system.
That’s why the system crashes with a BSoD rather than just shutting down one application with an error while leaving everything else running.
After all, shutting down the kernel means that there is no “anything else” to keep running, given that it’s the kernel that controls everything else.
So, a kernel crash, also known as a panic in Unix jargon, forces a total shutdown, typically followed by an automatic reboot.