Microsoft has issued an emergency security update to address a severe remote code execution (RCE) vulnerability in the Windows TCP/IP stack. The vulnerability, identified as CVE-2024-38063, poses a significant risk to all supported Windows and Windows Server versions, including Server Core installations.
Critical Vulnerability Overview:
CVE-2024-38063 is a high-severity flaw in Windows TCP/IP, earning a Critical rating with a CVSSv3 score of 9.8. The key characteristics of this vulnerability are as follows:
- Exploitation Method: Attackers can exploit this flaw remotely by sending specially crafted IPv6 packets to the target host.
- No User Interaction Required: The vulnerability is classified as a “0-click” exploit, meaning no user action is necessary for the attack to be successful.
- IPv6 Dependency: The exploit can only be triggered through IPv6 packets.
- Likelihood of Exploitation: Microsoft has assessed the likelihood of exploitation as “More Likely.”
Successful exploitation of CVE-2024-38063 allows an attacker to execute arbitrary code on the target system with SYSTEM privileges, granting them full control over the compromised machine.
Microsoft explained, “An unauthenticated attacker could repeatedly send specially crafted IPv6 packets to a Windows machine, potentially enabling remote code execution.”
Affected Systems:
- All supported versions of Windows
- All supported versions of Windows Server, including Server Core installations
Microsoft has released patches to address this vulnerability across all affected versions. Organizations are strongly urged to apply these updates immediately.
Additional Mitigation Measures:
To further safeguard against this vulnerability, Microsoft advises disabling IPv6 if it is not essential for your environment, as the flaw is exploitative exclusively via IPv6 packets.
In addition, Microsoft has addressed six zero-day vulnerabilities that are currently being exploited in the wild.
Recommended Actions:
- Apply the latest Microsoft security updates without delay.
- Prioritize patching systems exposed to the internet.
- Disable IPv6 if it is not necessary for your network.
- Monitor for unusual network activity, especially related to IPv6 traffic.
- Implement network segmentation to reduce potential lateral movement in case of a system breach.
Given the critical nature of CVE-2024-38063 and its potential for widespread damage, it is imperative for organizations to prioritize addressing this vulnerability.
Microsoft also noted that the new Copilot+ devices, which are equipped with Windows 11 version 24H2, should be updated promptly if automatic updates are not enabled. The general availability of Windows 11 version 24H2 is anticipated later this year.
Related topics:
What Are the Challenges of Automation Testing?