In October 2020, Microsoft patched a set of vulnerabilities that included the critical networking bugs CVE-2020-16898 and CVE-2020-16899. Known as “Bad Neighbor” or “Ping of Death Redux,” these flaws lie in the way the Windows TCP/IP networking implementation handles incoming ICMPv6 packets under certain conditions.
Both CVE-2020-16898 and CVE-2020-16899 represent the Bad Neighbor vulnerability; however, the impact of CVE-2020-16898 is remote code execution, while that of CVE-2020-16899 is denial of service (DoS).
The flaw demands attention because it impacts even recent Windows 10 and Server versions, which are heavily used in both enterprise and home environments. Moreover, multiple proof-of-concept (PoC) exploits for this vulnerability have sprung up on the internet.
What is Bad Neighbor?
Microsoft’s security advisory on the vulnerability is rather simplistic: