There were 11 critical bugs and six that were unpatched but publicly known in this month s regularly scheduled Microsoft updates. A remote code-execution (RCE) problem in the TCP/IP stack allows attackers to execute arbitrary code with elevated privileges using a specially crafted ICMPv6 router advertisement. Microsoft gives this bug its highest exploitability rating, meaning attacks in the wild are extremely likely and as such, it carries a severity rating of 9.8 out of 10 on the CvSS vulnerability scale.
Source: https://threatpost.com/october-patch-tuesday-wormable-bug/160044/