Date: 2021-02-10

Patch Windows to avoid denial of service attacks: Microsoft

Flaws in TCP/IP stack expected to be exploited.

Microsoft has issued an urgent security alert advising customers to apply patches for vulnerabilities in the Windows transmission control/internet protocol (TCP/IP) networking stack, as its security researchers expect the flaws to be exploited soon.

Of the three vulnerabilities, the CVE-2021-24086 flaw is easy to exploit for denial of service attacks that cause a STOP error with a Blue Screen of Death in Windows, Microsoft said.

Two remote code execution (RCE) bugs are also fixed in this month's Patch Wednesday set of security updates.

Microsoft said that the two RCE vulnerabilities are more complex to exploit, and not likely to be abused in the short term.

Microsoft nevertheless expects exploits for all three vulnerabilities to appear shortly after release, and recommends that customers quickly apply the patches for Windows.

A workaround for the flaws involves setting Source Routing for IPv4 traffic, using either the Group Policy feature or the NETSH command in a terminal window.

For IPv6, blocking fragments can mitigate the vulnerabilities, but could also negatively impact services that depend on the newer internet protocol.
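The script below is an added example, not part of the article: it checks, applies or reverts the two workarounds with NETSH from an elevated PowerShell prompt. The setting values (`sourceroutingbehavior=drop`, `reassemblylimit=0` and the defaults used for revert) follow Microsoft's published workaround guidance rather than this page, and the label matching assumes English-language netsh output.

```powershell
# Added example: check, apply or revert the TCP/IP workarounds via netsh.
# Assumptions: elevated prompt, English-language netsh output.
param(
    [ValidateSet('Check', 'Apply', 'Revert')]
    [string]$Mode = 'Check'
)

function Show-StackSetting {
    # Print the two global settings that the workarounds change.
    netsh int ipv4 show global | Select-String 'Source Routing Behavior'
    netsh int ipv6 show global | Select-String 'Reassembly Limit'
}

function Invoke-Netsh {
    # Run netsh and stop on failure so a partial change is not missed.
    param([string[]]$NetshArgs)
    & netsh @NetshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

switch ($Mode) {
    'Apply' {
        # IPv4: drop source-routed packets instead of only not forwarding them.
        Invoke-Netsh @('int', 'ipv4', 'set', 'global', 'sourceroutingbehavior=drop')
        # IPv6: a reassembly limit of 0 discards all fragmented packets.
        # This can break services that rely on IPv6 fragmentation, so test first.
        Invoke-Netsh @('int', 'ipv6', 'set', 'global', 'reassemblylimit=0')
    }
    'Revert' {
        # Restore the Windows defaults once the security updates are installed.
        Invoke-Netsh @('int', 'ipv4', 'set', 'global', 'sourceroutingbehavior=dontforward')
        Invoke-Netsh @('int', 'ipv6', 'set', 'global', 'reassemblylimit=267748640')
    }
}

# Always finish by showing the effective values for the change record.
Show-StackSetting
```

Run it with `-Mode Check` first to record the current values, and use `-Mode Revert` after patching so IPv6 fragment handling returns to normal.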


