Threat Intelligence: Bad Neighbor
Microsoft announced a critical vulnerability in the Windows IPv6 stack
Microsoft announced a critical vulnerability (CVE-2020-16898) on October 13, 2020 with a CVSS score of 9.8. The vulnerability is located within an ICMPv6 Neighbor Discovery “Protocol”, and uses the Router Advertisement type in the Windows IPv6 stack.
The vulnerability allows an attacker to send maliciously-crafted packets to potentially execute arbitrary code on a remote system. It results in an immediate BSOD (Blue Screen of Death), but more so, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations.
Windows 10 is used in many critical medical devices provided by a multitude of vendors (e.g. GE, Carestream, Siemens, Becton Dickinson, Zeiss, Hyland, Philips, Pie Medical, Hologic, MES, FujiFilm, Nipro), including myriad radiology and laboratory devices running various versions of the operating system, such as:
- Ultrasound devices
- Medicine dispensers
- OCT machines
- DICOM Workstation
- Specimen Radiography System
Many device manufacturers are still working to identify which device models are affected.
What does this mean for healthcare facilities?
Threat actors exploiting the Bad Neighbor vulnerability could use remote code execution to gain control of systems and devices across large-scale healthcare environments. The impact to healthcare facilities could be significant, as this type of bug could be made wormable.
Cynerio’s Research Team is closely monitoring the development of this vulnerability and maintains close contact with relevant vendors for available patches and updates. Alerts will be sent out immediately whenever a vulnerable or infected device is identified.
What can you do until patches are made available?
Map the critical devices on your network running Windows 10 and harden your network with North-South and East-West segmentation. For your convenience, we’ve put together a few handy guides and use cases on Network Segmentation here.
In support of CISA's National Cyber Awareness Month, Cynerio is offering healthcare facilities in North America a free risk assessment until October 31.
Contact us today to get your free risk assessment.