Description
A critical zero-click remote code execution (RCE) vulnerability, tracked as CVE-2024-38063, has been discovered in the Windows TCP/IP stack. This flaw impacts all Windows systems with IPv6 enabled, including Windows 10, Windows 11, and Windows Server editions. Given that IPv6 is enabled by default on these systems, the vulnerability has far-reaching implications.
The vulnerability stems from an integer underflow weakness that leads to buffer overflows, potentially allowing attackers to execute arbitrary code on affected systems. Due to its critical nature and the potential for widespread exploitation, Microsoft has issued an urgent advisory, encouraging users to apply the necessary patches immediately.
Attack Details
CVE-2024-38063 is a serious security flaw that can be exploited remotely by unauthenticated attackers. The attack is of low complexity, meaning it can be executed with relative ease by sending specially crafted IPv6 packets to a vulnerable system. Notably, the vulnerability is triggered before the system’s firewall processes the packets, rendering traditional firewall protections ineffective. Given the nature of the flaw, it is considered wormable, meaning it could potentially propagate across networks without user interaction.
Remediation
To mitigate the risk associated with CVE-2024-38063, Microsoft recommends several actions:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
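The exposure condition named in this alert is a Windows system with IPv6 enabled. The following PowerShell inventory is an added example, not part of the original advisory or of Microsoft's guidance; it lists each network adapter, whether the IPv6 protocol is bound to it, and the scope of any IPv6 addresses assigned. The function names `Get-IPv6Scope` and `Get-IPv6Exposure` are hypothetical names chosen for this example.

```powershell
# Added example: per-adapter IPv6 exposure inventory for a Windows host.
# Uses the built-in NetAdapter and NetTCPIP modules (Windows 8 / Server 2012 and later).

function Get-IPv6Scope {
    # Hypothetical helper: classify an IPv6 address by reachability scope.
    param([Parameter(Mandatory)][string]$Address)
    # Strip a zone index such as "%12" before parsing.
    $ip = [System.Net.IPAddress]::Parse(($Address -split '%')[0])
    $firstByte = $ip.GetAddressBytes()[0]
    if ($ip.IsIPv6LinkLocal)                  { 'link-local' }    # fe80::/10, same segment only
    elseif (($firstByte -band 0xFE) -eq 0xFC) { 'unique-local' }  # fc00::/7, routed inside the site
    else                                      { 'global' }        # routable beyond the site
}

function Get-IPv6Exposure {
    # ms_tcpip6 is the component ID of the IPv6 protocol binding.
    foreach ($binding in Get-NetAdapterBinding -ComponentID ms_tcpip6) {
        $adapter = Get-NetAdapter -Name $binding.Name -ErrorAction SilentlyContinue
        $addresses = @()
        if ($binding.Enabled) {
            # An adapter with IPv6 bound normally holds at least a link-local address.
            $addresses = @(Get-NetIPAddress -InterfaceAlias $binding.Name `
                -AddressFamily IPv6 -ErrorAction SilentlyContinue)
        }
        $described = $addresses | ForEach-Object {
            '{0} ({1})' -f $_.IPAddress, (Get-IPv6Scope $_.IPAddress)
        }
        [pscustomobject]@{
            Adapter       = $binding.Name
            Status        = $adapter.Status
            IPv6Bound     = $binding.Enabled
            IPv6Addresses = $described -join ', '
        }
    }
}

$report = @(Get-IPv6Exposure)
$report | Sort-Object IPv6Bound -Descending | Format-Table -AutoSize -Wrap

# Summary line for use in a fleet-wide collection script.
$bound = @($report | Where-Object { $_.IPv6Bound }).Count
'{0}: IPv6 bound on {1} of {2} adapters' -f $env:COMPUTERNAME, $bound, $report.Count
```

A host that reports IPv6 bound on any adapter meets the exposure condition above and should be prioritised for patching.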