Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems

   August 14, 2024  Posted in CyberSecurityNews


Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.

CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and a CVSSv3 score of 9.8. Key details include:

EHA

  • An attacker can remotely exploit this vulnerability by sending specially crafted IPv6 packets to a target host.
  • No user interaction is required, making this a “0-click” vulnerability.
  • Only IPv6 packets can be abused to exploit this vulnerability.
  • Microsoft has rated the vulnerability as “Exploitation More Likely.”

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

Successful exploitation of CVE-2024-38063 could allow an attacker to execute arbitrary code on the target system with SYSTEM privileges. This level of access would give the attacker full control over the compromised machine.

The vulnerability impacts all supported versions of:

  • Windows
  • Windows Server (including Server Core installations).

Microsoft has released patches for all affected versions of Windows and Windows Server. Organizations are strongly advised to apply these updates as soon as possible.

As an additional mitigation, Microsoft recommends disabling IPv6 if it is not required, as the vulnerability can only be exploited via IPv6 packets.

Microsoft also patched 6 Zero-Days That Threat Actors Actively Exploiting in the Wild.

Mitigations

Security experts recommend the following actions:

  1. Apply the latest Microsoft security updates immediately.
  2. Prioritize patching internet-facing systems.
  3. Consider disabling IPv6 if not needed in your environment.
  4. Monitor for any suspicious network activity, particularly involving IPv6 traffic.
  5. Implement network segmentation to limit potential lateral movement if a system is compromised.

Given the critical nature of this vulnerability and its potential for widespread impact, organizations should treat addressing CVE-2024-38063 as a top priority.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces



Source link