[CITL] Intent to block ICMP traffic to UCR campus network
Jonathan L Ocab
jonathan.ocab at ucr.edu
Fri Mar 17 16:33:50 PDT 2023
The Information Security Office is planning to filter and/or block ICMP traffic inbound to the campus from the Internet and is requesting your partnership in identifying any potential adverse impact.
There is a vulnerability in Windows 10/11 and Windows Server 2008/2012/2016/2019/2022 related to ICMP.
Essentially, a malicious actor can send a crafted ICMP packet to a vulnerable Windows host to execute arbitrary code on the remote system. See attached Mandiant Advantage vulnerability report (PDF).
This vulnerability is identified as CVE-2023-23415 with a CVSS Score of 9.8 (out of 10).
While exploit code is not yet in the wild and Windows patches are now available, the Information Security Office believes this is a high-risk, high-impact threat that the campus must be prepared to mitigate against.
In order to mitigate this threat, the Information Security Office is investigating the feasibility of filtering and/or blocking ICMP traffic inbound to campus from the Internet.
If anyone in CITL knows of any adverse impact this action would have on campus networked services, please send me your feedback directly - jonathan.ocab at ucr.edu.
Thank you.
---
Jonathan Ocab | jonathan.ocab at ucr.edu
Manager, Information Security Operations
Information Security Office
University of California, Riverside
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 23-00004484.pdf
Type: application/pdf
Size: 61202 bytes
Desc: 23-00004484.pdf
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20230317/76ceadbc/attachment-0001.pdf>