Advisory August 16, 2024

Microsoft Windows Critical Vulnerability with CVE-2024-38063

The Obrela Threat Intelligence Team

A vulnerability has been identified in Microsoft Windows client and server operating systems. The vulnerability could allow an unauthenticated attacker to perform Remote Code Execution (RCE) against Windows devices over the network if IPv6 is enabled. The vulnerability (CVE-2024-38063) has a Critical CVSSv3.1 score of 9.8 out of 10.

Description:

CVE-2024-38063 is a vulnerability in the Windows TCP/IP network stack, specifically in its handling of IPv6 traffic, which could allow an attacker to send a device specially crafted IPv6 packets that induce Remote Code Execution (RCE). Because the flaw sits in the kernel-mode network stack, code executed this way runs with kernel privileges. Exploitation requires no authentication and no user interaction; the attacker only needs to be able to deliver IPv6 packets to a vulnerable system, which is why the vulnerability is rated 9.8 (network attack vector). There is currently no widespread evidence of malicious exploitation, nor public verification of the exact conditions that would allow the crafted packets to reach targeted servers. Obrela remains vigilant regarding tracking the potential exploitability of the vulnerability and will continue to monitor the situation.

Affected Versions:

The issue affects Windows 10, Windows 11, and Windows Server operating systems from Windows Server 2008 Service Pack 2 onward that have IPv6 bound on a network adapter and have not received the Windows security updates released on Tuesday, 13 August 2024. Note that IPv6 is exposed as soon as the stack is bound to an adapter: Windows auto-configures a link-local IPv6 address, so a host can receive crafted IPv6 packets from its local network segment even if it has never been assigned a global IPv6 address. Systems with IPv6 disabled are not vulnerable.

Recommendations:

  • To mitigate this critical vulnerability, organizations are strongly urged to ensure that all Windows 10, Windows 11, and Windows Server devices have received the security updates released on Tuesday, 13 August 2024.
  • If vulnerable devices cannot be promptly patched, administrators should disable IPv6 on the affected network adapters as a temporary mitigation. IPv6 is enabled by default on most devices. Test this change before rolling it out broadly, since Microsoft does not recommend disabling IPv6 in general and some Windows components and services depend on it; re-enable IPv6 once the patch has been applied.
  • Ensure automatic updates are enabled so that future security updates are applied without delay.
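The following PowerShell script is an added example for triaging a single host against the recommendations above; it is not part of the Obrela advisory and is not Microsoft-supplied tooling. It assumes an elevated PowerShell session on a Windows host with the NetAdapter module (Windows 8 / Server 2012 and later). Because the KB number of the August 2024 cumulative update differs per Windows build, the script does not hard-code a KB; instead it treats any "Security Update" installed on or after 13 August 2024 as evidence that Patch Tuesday has been applied, which is a heuristic you should confirm against the KB for your build. The mitigation step is off by default and disables only the IPv6 binding on adapters that currently have it enabled.

```powershell
# Added example (not from the advisory): triage one Windows host for CVE-2024-38063.
# Run in an elevated PowerShell session.

# Assumption: the relevant security update is any "Security Update" installed on or after
# Patch Tuesday, 13 August 2024. Replace with a per-build KB check if you have the KB list.
$PatchDate = Get-Date -Year 2024 -Month 8 -Day 13

# Set to $true only if you accept the operational impact of unbinding IPv6 until patched.
$ApplyMitigation = $false

# 1. Which adapters still have the IPv6 stack bound? (ms_tcpip6 is the IPv6 binding component.)
$ipv6Adapters = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled }

# 2. Has a security update from Patch Tuesday or later been installed?
$recentSecurityUpdates = Get-HotFix |
    Where-Object { $_.Description -match 'Security Update' -and $_.InstalledOn -ge $PatchDate }

# 3. Report the host's exposure.
Write-Host "Host:" $env:COMPUTERNAME
Write-Host "OS build:" (Get-CimInstance Win32_OperatingSystem).BuildNumber

if ($ipv6Adapters) {
    Write-Host "Adapters with IPv6 bound:" ($ipv6Adapters.Name -join ', ')
} else {
    Write-Host "No adapters have IPv6 bound; host is not exposed to CVE-2024-38063."
}

if ($recentSecurityUpdates) {
    Write-Host "Security updates installed on/after $($PatchDate.ToShortDateString()):"
    $recentSecurityUpdates | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize
} elseif ($ipv6Adapters) {
    Write-Warning "No security update since $($PatchDate.ToShortDateString()) and IPv6 is bound: host is likely VULNERABLE. Patch it."
}

# 4. Optional temporary mitigation: unbind IPv6 on the exposed adapters until the patch lands.
#    Disable-NetAdapterBinding only touches the binding on the named adapter; it does not
#    change the DisabledComponents registry value or affect other adapters.
if ($ApplyMitigation -and -not $recentSecurityUpdates -and $ipv6Adapters) {
    foreach ($adapter in $ipv6Adapters) {
        Disable-NetAdapterBinding -Name $adapter.Name -ComponentID ms_tcpip6
        Write-Host "Disabled IPv6 binding on adapter:" $adapter.Name
    }
    Write-Host "Re-enable with: Enable-NetAdapterBinding -Name <adapter> -ComponentID ms_tcpip6 after patching."
}
```

Run the script on a sample of hosts first and compare its verdict with your patch management console: Get-HotFix reads Win32_QuickFixEngineering, which can lag or omit entries on some builds, so a "no recent update" result should trigger a manual check rather than be taken as proof of exposure.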

References: