Windows Critical Vulnerability: CVE-2024-38063 - eviltoast

cross-posted from: https://lemmy.ndlug.org/post/1002763

A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated RCE. No user interaction is required, making this a zero-click vulnerability. This vulnerability affects all supported versions of Windows and Windows Servers.

This remote code vulnerability enables an unauthenticated attacker to repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. Microsoft has released urgent security patches and recommends to install these asap.

It has been assigned a CVSS score of 9.8. With a low complexity to exploit, can be performed unauthenticated and exploited remotely. Successful exploitation leads to SYSTEM level execution on the target endpoint.

From CVE 2024 38063

The following mitigating factors might be helpful in your situation: Systems are not affected if IPv6 is disabled on the target machine.

  • pnutzh4x0r@lemmy.ndlug.orgOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    Based on what I can tell (I don’t usually use Windows), a patch was released on August 13th. As long as you are current with your Windows Updates, this shouldn’t be an issue.

    • Rhaedas@fedia.io
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      First thing I did was look at updates, both if there was something pending and in the history. There was a quality update on the 13th, but it mentions nothing specific about patching any vulnerabilities. I’ve got IPv6 off for all adapters now, so I’ll wait to see if anything more develops.

      At this point in my life I can probably move over to Linux, as I don’t play much games anyway and don’t have to use Office stuff. I’m just lazy. But I suppose when LTS expires (in Nov I think) I might go that route.