Critical Windows TCP/IP Vulnerability (August 16th, 2024) 

Ref# AL2024_30 | Date: Aug 16th 2024

Description 

A critical zero-click remote code execution (RCE) vulnerability, tracked as CVE-2024-38063, has been discovered in the Windows TCP/IP stack. This flaw impacts all Windows systems with IPv6 enabled, including Windows 10, Windows 11, and Windows Server editions. Given that IPv6 is enabled by default on these systems, the vulnerability has far-reaching implications.

The vulnerability stems from an Integer Underflow weakness that leads to buffer overflows, potentially allowing attackers to execute arbitrary code on affected systems. Due to its critical nature and the potential for widespread exploitation, Microsoft has issued an urgent advisory, encouraging users to apply the necessary patches immediately. 

Attack Details 

CVE-2024-38063 is a serious security flaw that can be exploited remotely by unauthenticated attackers. The attack requires low complexity, meaning it can be executed with relative ease by sending specially crafted IPv6 packets to a vulnerable system. Notably, the vulnerability is triggered before the system’s firewall processes the packets, rendering traditional firewall protections ineffective. Given the nature of the flaw, it is considered wormable, meaning it could potentially propagate across networks without user interaction. 

Remediation

To mitigate the risk associated with CVE-2024-38063, Microsoft recommends several actions: 

  1. Apply the Latest Patches: Microsoft has released security updates to address CVE-2024-38063.
  2. Disable IPv6 Temporarily: If patching is not immediately feasible, Microsoft recommends disabling IPv6 as a temporary mitigation measure. However, this should be done cautiously, as IPv6 is a core component of Windows and disabling it might affect the functionality of certain Windows features.
  3. Enhanced Monitoring: Implement enhanced monitoring for signs of exploitation, particularly focusing on network traffic associated with IPv6.
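
One way to apply the temporary IPv6 mitigation from step 2 so that it can be reversed once the patch is installed, as an added example that is not part of the original alert. The script name, parameter names and state-file path are assumptions; `Get-NetAdapterBinding`, `Disable-NetAdapterBinding` and `Enable-NetAdapterBinding` are the standard NetAdapter module cmdlets, and the script only unbinds IPv6 (`ms_tcpip6`) from network adapters.

```powershell
# Added example (not from the alert). Hypothetical file name: Set-Ipv6Binding.ps1
# Audit only:  .\Set-Ipv6Binding.ps1        Preview: .\Set-Ipv6Binding.ps1 -Disable -WhatIf
# -Disable and -Restore must be run from an elevated session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable,
    [switch]$Restore,
    # Assumed location for the rollback record
    [string]$StatePath = (Join-Path $env:ProgramData 'ipv6-binding-state.json')
)

if ($Restore) {
    if (-not (Test-Path $StatePath)) { throw "No saved state at $StatePath" }
    # Re-enable only the adapters that had IPv6 bound before the mitigation
    $saved = Get-Content $StatePath -Raw | ConvertFrom-Json
    foreach ($entry in @($saved)) {
        if ($entry.Enabled -and $PSCmdlet.ShouldProcess($entry.Name, 'Enable IPv6 binding')) {
            Enable-NetAdapterBinding -Name $entry.Name -ComponentID ms_tcpip6
        }
    }
    return
}

# Current IPv6 (ms_tcpip6) binding state for every adapter
$bindings = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, InterfaceDescription, Enabled)
$bindings | Format-Table -AutoSize | Out-Host

if ($Disable) {
    # Record the pre-change state once; a second run must not overwrite it,
    # or the rollback record would list every adapter as already disabled.
    if ((-not (Test-Path $StatePath)) -and $PSCmdlet.ShouldProcess($StatePath, 'Save binding state')) {
        $bindings | ConvertTo-Json | Set-Content -Path $StatePath -Encoding UTF8
    }
    foreach ($b in $bindings) {
        if ($b.Enabled -and $PSCmdlet.ShouldProcess($b.Name, 'Disable IPv6 binding')) {
            Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6
        }
    }
}
```

After the security update is installed, run the script with `-Restore` and delete the state file so a later mitigation starts from a fresh record.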

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

References 

CVE-2024-38063. (n.d.). Retrieved from Tenable®. https://www.tenable.com/cve/CVE-2024-38063

Gatlan, S. (2024, August 14). Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now. Retrieved from BleepingComputer. https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/