This morning you may have noticed a new Windows Update waiting for you as you powered on your PC.
Cumulative Update KB4580328 contains a patch for a rather severe security vulnerability known as Bad Neighbor, so we recommend downloading it as soon as possible.
As detailed by McAfee, Bad Neighbor “allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system”, due to a vulnerability in the Windows IPv6 stack.
“The effects of an exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable. For ease of reference, we nicknamed the vulnerability ‘Bad Neighbor’ because it is located within an ICMPv6 Neighbor Discovery ‘Protocol’, using the Router Advertisement type,” McAfee wrote in a release on Tuesday.
A proof-of-concept shared with the Microsoft Active Protection Program by McAfee was reportedly “extremely simple and perfectly reliable”.
The threat surface here is of concern, as the vulnerability is present in Windows 10. This means that if left unchecked a ne’er-do-well could weaponise the vulnerability and use it to spread malware throughout a network.
As mentioned though, this risk can be mitigated by updating Windows. Simply head to Settings, click or tap Update & Security and then click or tap Check for Updates. Be sure to install the update, you will need to restart your PC.
Alternatively, you can head to this URL and search for KB4580328 to download the update manually, just be sure to select the correct update for your platform name ARM64, x64 or x86.