A critical vulnerability in the Windows TCP/IP stack enables unauthenticated remote code execution (RCE) through specially crafted IPv6 packets. This flaw affects all supported versions of Windows and Windows Server, allowing attackers to execute arbitrary code remotely.
Windows TCP/IP RCE Vulnerability
Researcher XiaoWei from Kunlun Lab has found a critical remote code execution vulnerability in the Windows TCP/IP stack, identified as CVE-2024-38063, with a CVSS score of 9.8.
This zero-click flaw, affecting all supported versions of Windows 10, 11, and Windows Server, can be exploited by sending specially crafted IPv6 packets to the target system. Note that this issue impacts only IPv6 users, as the crafted packets cannot be sent to IPv4 addresses.
The research shows that CVE-2024-38063 causes a buffer overflow, letting attackers run arbitrary code with SYSTEM privileges, potentially giving them full control over the system. More details may emerge as the patch is widely applied.
If Microsoft had ignored or missed this flaw, the impact could have been severe. Although IPv6 is not yet widespread, it’s seen as the future of the Internet, and hackers could have exploited this vulnerability to deploy malware without user interaction if it had surfaced later.
Mitigation Measures
Microsoft acknowledged that this is not the first vulnerability of its kind and expects attackers to develop exploits for it. A fix is available through the August 2024 Patch Tuesday update.
Organizations are advised to monitor network activity and use network segmentation to contain potential threats. As a temporary workaround, Microsoft suggested disabling IPv6, though this could disrupt other Windows components that rely on it, as IPv6 is enabled by default on most systems.
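The two controls the article mentions, patch status and IPv6 exposure, can be audited from an elevated PowerShell session before deciding on the IPv6 workaround. This is an added example, not code from the article or from Microsoft; the KB number is a placeholder because the article does not name it, and the 2024-08-13 date is the August 2024 Patch Tuesday used only as a hint.

```powershell
# Added audit example for CVE-2024-38063 (not from the article).
# Assumptions: elevated PowerShell on Windows 10/11 or Windows Server;
# $PatchKb is a PLACEHOLDER, replace it with the KB of the August 2024
# cumulative update for your build.
param(
    [string]$PatchKb = 'KBxxxxxxx',   # placeholder, see lead-in
    [switch]$DisableIPv6              # only acts when explicitly requested
)

# Patch status: an update installed on or after August 2024 Patch Tuesday
# is a hint, not proof; the explicit KB check is the authoritative one.
$patchTuesday = Get-Date '2024-08-13'
$recent    = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchTuesday }
$kbPresent = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
Write-Host "Updates installed since $($patchTuesday.ToShortDateString()): $($recent.Count)"
Write-Host "Fix $PatchKb present: $kbPresent"

# IPv6 exposure: which adapters have the ms_tcpip6 binding enabled, and
# which actually carry a routable (non link-local) IPv6 address. Those are
# the adapters where disabling IPv6 would change behaviour.
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6
$bindings | ForEach-Object {
    $addrs = Get-NetIPAddress -InterfaceAlias $_.Name -AddressFamily IPv6 -ErrorAction SilentlyContinue |
             Where-Object { $_.PrefixOrigin -ne 'WellKnown' -and $_.IPAddress -notlike 'fe80:*' }
    [pscustomobject]@{
        Adapter     = $_.Name
        IPv6Bound   = $_.Enabled
        RoutableV6  = ($addrs.IPAddress -join ', ')
        Exposed     = ($_.Enabled -and -not $kbPresent)
    }
} | Format-Table -AutoSize

# Workaround from the advisory: unbind IPv6 on exposed adapters. -WhatIf is
# kept deliberately so the script previews the change; remove it to apply,
# after confirming nothing on the host depends on IPv6.
if ($DisableIPv6 -and -not $kbPresent) {
    foreach ($b in ($bindings | Where-Object Enabled)) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6 -WhatIf
    }
}
```

Run it once without switches to get the per-adapter table, and only re-run with `-DisableIPv6` on hosts that cannot receive the update promptly.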