Zero-click vulnerability found in all versions of Windows

The TCP/IP bug spreads across IPv6 systems without user intervention.

Microsoft has warned users about a critical TCP/IP vulnerability that allows remote code execution (RCE) on all Windows systems that have IPv6 enabled, which is the default.

The vulnerability, CVE-2024-38063 (CVSS score: 9.8), is an integer underflow that attackers can use to overflow a buffer and execute arbitrary code on vulnerable Windows 10, Windows 11 and Windows Server systems. The bug was discovered by a security researcher from Kunlun Lab known under the pseudonym XiaoWei.

XiaoWei stressed that, given the severity of the threat, no additional details will be released anytime soon. The researcher also noted that blocking IPv6 through the local Windows firewall will not prevent exploitation of the vulnerability, since the bug is triggered before the firewall processes packets.

Microsoft explained in its official notice that attackers can exploit the bug remotely by repeatedly sending specially crafted IPv6 packets. The bug has low exploitation complexity, which increases the likelihood of its use in attacks. The company noted that similar vulnerabilities have previously been the target of attacks, which makes this bug especially attractive to attackers.

For those who can't immediately install the latest security updates, Microsoft recommends disabling IPv6 to reduce the risk of an attack. However, the company warns that disabling IPv6 may cause some Windows components to malfunction, as the protocol is a mandatory part of the operating system starting with Windows Vista and Windows Server 2008.

Trend Micro called CVE-2024-38063 one of the most serious vulnerabilities patched by Microsoft as part of the current security update. The company stressed that the vulnerability is "wormable", which means that it can spread between systems without user intervention, similar to computer worms. Trend Micro also noted that IPv6 is enabled by default on almost all devices, which makes it harder to prevent attacks.

Source
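
One way to apply the interim mitigation described above on hosts that cannot be patched yet, written as an added example that is not part of the original post or of Microsoft's guidance. It works on the adapter binding rather than a firewall rule, since the post notes that firewall blocking does not help. The script name and the state file path are assumptions; the state file exists so the change can be rolled back if Windows components misbehave.

```powershell
# Added example: audit or toggle the IPv6 (ms_tcpip6) adapter binding.
# Assumptions: saved as Set-Ipv6Binding.ps1; the state file path is hypothetical.
# -Disable and -Restore must run in an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable,   # turn the binding off on every adapter that has it
    [switch]$Restore,   # turn it back on for the adapters recorded earlier
    [string]$StatePath = (Join-Path $env:ProgramData 'ipv6-binding-state.txt')
)

$component = 'ms_tcpip6'   # component ID of the IPv6 protocol binding

if ($Restore) {
    # Re-enable only what this script disabled, e.g. once the update is installed.
    $names = @(Get-Content -Path $StatePath -ErrorAction Stop)
    foreach ($name in $names) {
        if ($PSCmdlet.ShouldProcess($name, 'Enable IPv6 binding')) {
            Enable-NetAdapterBinding -Name $name -ComponentID $component
        }
    }
    return
}

# Report mode: list every adapter and whether IPv6 is bound to it.
$all = @(Get-NetAdapterBinding -ComponentID $component)
$all | Sort-Object Name | Format-Table Name, DisplayName, Enabled -AutoSize

$bound = @($all | Where-Object { $_.Enabled })
if (-not $Disable -or $bound.Count -eq 0) {
    Write-Output "$($bound.Count) adapter(s) have IPv6 bound; nothing changed."
    return
}

# Record the adapters first so the change can be rolled back exactly.
if ($PSCmdlet.ShouldProcess($StatePath, 'Save list of adapters with IPv6 bound')) {
    $bound.Name | Set-Content -Path $StatePath
}
foreach ($b in $bound) {
    if ($PSCmdlet.ShouldProcess($b.Name, 'Disable IPv6 binding')) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID $component
    }
}
```

Running it with no switches only reports; adding `-Disable -WhatIf` previews the change before anything is modified.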