Microsoft Urges Windows 10 and 11 Users to Patch Severe TCP/IP RCE Vulnerability

TapTechNews, August 15: On August 13, Microsoft released a security bulletin urging Windows 10 and Windows 11 users to install the latest patch as soon as possible to fix a severe remote code execution (RCE) vulnerability in the Windows TCP/IP stack.

Vulnerability Profile

The vulnerability is tracked as CVE-2024-38063. Its CVSS 3.1 base score is 9.8 and its temporal score is 8.5, out of a maximum of 10 for each.

TapTechNews note: The vulnerability was discovered by Kunlun Lab, part of the Chinese security startup Cyber Kunlun. The lab's Xiao Wei (transliterated) said the flaw is caused by an integer underflow bug, which an attacker can use to trigger a buffer overflow and thereby execute arbitrary code on vulnerable Windows 10, Windows 11 and Windows Server systems.


The researcher added that because the vulnerability is triggered before the packet is processed by the firewall, blocking IPv6 on the local Windows firewall does not prevent attackers from exploiting it. Given its severity, he said he would not disclose further details in the short term.

Microsoft Bulletin

In its bulletin on Tuesday, Microsoft said an unauthenticated attacker can exploit the vulnerability remotely in a low-complexity attack by repeatedly sending IPv6 packets that include specially crafted packets.

Microsoft also published its exploitability assessment for this critical vulnerability, rating it "Exploitation More Likely", meaning threat actors could feasibly create working exploit code and use it repeatedly in attacks.

Vulnerability Impact

This severe TCP/IP remote code execution (RCE) vulnerability affects all supported Windows systems, on which IPv6 is enabled by default.

Risk Description:

An attacker does not need to be authenticated.

No access to any settings or files on the victim's computer is required.

The victim does not need to perform any action: no clicking a link, loading an image or opening a file.

Microsoft strongly recommends that users update their systems to the latest version immediately and has released patches for this vulnerability.

Temporary Mitigation Measure: a system on which IPv6 is disabled is not affected.

Because of the nature of this vulnerability, an attacker can gain code execution without any action by the user. In most cases the IPv6 address a user obtains is a publicly routable address, so attackers are likely to conduct targeted intrusions against specific companies, schools, institutions or groups. Large organizations should install the security patch or enable system updates promptly to stay protected.

Microsoft notes that the IPv6 stack is a mandatory part of Windows Vista, Windows Server 2008 and later versions, and recommends against disabling IPv6 or its components, since doing so may cause some Windows components to stop working.
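The temporary mitigation above (disable IPv6) and Microsoft's caveat against doing so can be reconciled by auditing first and unbinding only as a stopgap. The following PowerShell script is an added example written for this article; it is not code from Microsoft, Cyber Kunlun or the original bulletin. The -Disable switch, the adapter selection and the use of the standard NetAdapter and NetTCPIP cmdlets are this example's own assumptions; run it in an elevated session.

```powershell
# Added example (not from the original article or from Microsoft): audit IPv6
# exposure per adapter, check recent updates, and only on request remove the
# IPv6 binding as a temporary stopgap until the patch is installed.
param(
    [switch]$Disable   # opt-in; without it the script only reports
)

# 0. Show the most recently installed updates so the August cumulative update
#    can be confirmed before resorting to the mitigation.
Write-Host "Most recently installed updates:"
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# 1. List adapters that still have the IPv6 stack (component ms_tcpip6) bound.
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled -eq $true }

if (-not $bindings) {
    Write-Host "No adapter has IPv6 bound; the host is not reachable over IPv6."
} else {
    Write-Host "Adapters with IPv6 bound:"
    $bindings | Format-Table Name, InterfaceDescription, Enabled -AutoSize
}

# 2. Flag globally routable IPv6 addresses (2000::/3, i.e. first hex digit 2 or 3).
#    These are the interfaces an attacker on the Internet can target directly;
#    link-local (fe80::/10) and loopback (::1) addresses are not reported.
Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -match '^[23]' } |
    ForEach-Object {
        Write-Warning ("{0} has a public IPv6 address: {1}" -f $_.InterfaceAlias, $_.IPAddress)
    }

# 3. Stopgap only: unbind IPv6 from every adapter that still has it. Microsoft
#    advises against leaving IPv6 disabled, so restore it after patching with
#    Enable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6.
if ($Disable -and $bindings) {
    foreach ($b in $bindings) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6 -PassThru
    }
    Write-Host "IPv6 unbound; re-enable it once the update is installed."
}
```

Run it without arguments first to see which adapters are exposed and whether any carry a public address; add -Disable only on hosts that cannot take the patch yet, and re-enable the binding once they have.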
