Microsoft urges customers to fix Windows RCE in the TCP/IP stack


Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Pierluigi Paganini
Microsoft urges customers to fix Windows RCE in the TCP/IP stack August 16, 2024

Microsoft urges customers to fix Windows RCE in the TCP/IP stack

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled.

Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).

An unauthenticated attacker can exploit the flaw by repeatedly sending IPv6 packets, including specially crafted packets, to a Windows machine which could lead to remote code execution.

Microsoft confirmed that a threat actor can exploit this flaw in a low-complexity attack and its exploitability assessment labels the issue as “exploitation more likely.” This label suggests that Microsoft is aware of past instances of this type of vulnerability being exploited.

Kunlun Lab’s XiaoWei discovered the flaw several months ago, he urged customers to apply the patches because the “exploitation is more likely.”

The flaw is a buffer overflow issue that can be exploited to achieve arbitrary code execution on vulnerable Windows 10, Windows 11, and Windows Server systems.

XiaoWei pointed out that blocking IPv6 on the local Windows firewall cannot prevent the exploitation of the issue because the vulnerability is triggered before it is processed by the firewall.

Microsoft recommends disabling IPv6 as a mitigation measure.

The issue was addressed by Microsoft with the release of Patch Tuesday security updates for August 2024 that also fixed the following actively exploited flaws:

CVE Title Severity CVSS Public Exploited Type
CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability Important 8.8 No Yes RCE
CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability Important 7.5 No Yes RCE
CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability Important 7 No Yes EoP
CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability Moderate 6.5 No Yes SFB

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TCP/IP)







Source link