Technology giant Microsoft has released its monthly set of security fixes known as Patch Tuesday, and in October the OS maker has fixed 87 flaws across an extensive range of Microsoft products.
So far, the most hazardous bug fixed this month is CVE-2020-16898. Labeled as a remote code execution (RCE) flaw in the Windows TCP/IP stack, this bug can let attackers capture Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer through a network connection.
The bug was found internally by Microsoft engineers, and OS versions susceptible to CVE-2020-16898 include Windows 10 and Windows Server 2019.
The software behemoth considers the bug risky and likely to be weaponized and has a severity score of 9.8 out of a maximum of 10.
It’s recommended to fix the bug, but workarounds such as disabling ICMPv6 RDNSS support also exist, which would let system administrators arrange brief mitigations until they quality-test this month’s security updates for any OS-crashing bugs.
Another flaw to keep an eye on is CVE-2020-16947, a remote code execution issue in Outlook. Microsoft says this vulnerability can be exploited by deceiving a user “to open a specially crafted file with an affected version of Microsoft Outlook software.”