Threat Intelligence: Bad Neighbor

CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
Oct 14, 2020
Threat Intelligence

Microsoft announced a critical vulnerability in the Windows IPv6 stack 

Microsoft announced a critical vulnerability (CVE-2020-16898) on October 13, 2020 with a CVSS score of 9.8. The vulnerability is located within an ICMPv6 Neighbor Discovery “Protocol”, and uses the Router Advertisement type in the Windows IPv6 stack. 

The vulnerability allows an attacker to send maliciously-crafted packets to potentially execute arbitrary code on a remote system. It results in an immediate BSOD (Blue Screen of Death), but more so, indicates the likelihood of exploitation for those who can manage to bypass Windows 10 and Windows Server 2019 mitigations.

Devices affected

Windows 10  is used in many critical medical devices provided by a multitude of vendors (e.g. GE, Carestream, Siemens, Becton Dickinson, Zeiss, Hyland, Philips, Pie Medical, Hologic, MES, FujiFilm, Nipro), including myriad radiology and laboratory devices running various versions of the operating system, such as:

  • MRI
  • CT
  • Ultrasound devices
  • Medicine dispensers
  • OCT machines
  • DICOM Workstation
  • Specimen Radiography System
  • Hemodialysis
  • X-Ray

Many device manufacturers are still working to identify which device models are affected. 

What does this mean for healthcare facilities?

Threat actors exploiting the Bad Neighbor vulnerability could use remote code execution to gain control of systems and devices across large-scale healthcare environments. The impact to healthcare facilities could be significant, as this type of bug could be made wormable.

Cynerio’s Research Team is closely monitoring the development of this vulnerability and maintains close contact with relevant vendors for available patches and updates. Alerts will be sent out immediately whenever a vulnerable or infected device is identified.

What can you do until patches are made available?

Map the critical devices on your network running Windows 10 and harden your network with North-South and East-West segmentation. For your convenience, we’ve put together a few handy guides and use cases on Network Segmentation here

In support of CISA's National Cyber Awareness Month, Cynerio is offering healthcare facilities in North America  a free risk assessment until October 31.

Contact us today to get your free risk assessment.

Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability