Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats.

Microsoft announced a critical vulnerability as part of their Patch Tuesday on 10/12/2020. CVE-2020-16898, dubbed "Bad Neighbor", is a remote code execution (RCE) that occurs when the Windows TCP/IP stack incorrectly handles ICMPv6 Router Advertisement packets with an even length field.

Datashield recommends patching any Microsoft Windows domain controllers due to the recently released vulnerability, CVE-2020-1472, and subsequent release of publicly available proof of concepts (POC’s). An unauthenticated attacker with access to the network and a route to a domain controller, will allow attackers to compromise it and obtain domain admin privileges in the network. There is no current mitigation besides patching the affected domain controllers.

Microsoft released a security bulletin today detailing a RCE in all known Windows DNS Servers, with a base CVSS score of 10.0.

Datashield is aware of a recent vulnerability [CVE-2020-5902] and it has been published for the following F5 products: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)

Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services. Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the Remote Desktop Services. These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin the previous vulnerability that we notified you on, CVE-2019-0708, aka Bluekeep.