August 15, 2024: Microsoft has warned customers of a critical remote code execution vulnerability in the Windows TCP/IP stack, affecting IPv6, that should be addressed immediately. An unauthenticated attacker can exploit the flaw remotely, with low attack complexity, against vulnerable Windows 10, Windows 11, and Windows Server systems by sending specially crafted IPv6 packets that trigger an integer underflow in the TCP/IP driver, corrupting memory and allowing arbitrary code execution on the targeted host.
The flaw is tracked as CVE-2024-38063 and carries a CVSS 3.1 base score of 9.8/10 (network attack vector, low complexity, no privileges and no user interaction required).
Exploitation requires no user interaction and no authentication; the target only needs to have IPv6 enabled and to be reachable by the attacker's packets. Microsoft rates the flaw "Exploitation More Likely" on its Exploitability Index, and similar network-stack flaws have been weaponized in the past. Because the attack is unauthenticated and needs no user action, a reliable exploit could be used for worm-like lateral movement across a network once an attacker has gained a foothold.
This vulnerability should be treated as a high priority. Microsoft released a fix on August 13, 2024 (the August Patch Tuesday) and advises updating all affected systems (Windows 10, Windows 11, and Windows Server) immediately to reduce the risk of exploitation. Internet-facing servers come first, but any host an attacker can reach on the network is exposed, since IPv6 is enabled by default on Windows.
Patching
If you cannot patch immediately, disable IPv6 on each network interface as a temporary mitigation, either from PowerShell or from the interface's properties dialog; Microsoft's advisory states that systems with IPv6 disabled are not affected. Note that Microsoft generally discourages leaving IPv6 disabled, because some Windows components depend on it, so re-enable it once the update is installed. A step-by-step guide can be found here: https://www.windowscentral.com/software-apps/windows-11/how-to-disable-tcpipv6-ipv6-on-windows-11.
All systems running any Windows OS should apply the August 2024 security update. The KB numbers below are as listed in this alert; confirm the package for your specific version and build against the Microsoft Security Update Guide entry for CVE-2024-38063:
- Windows 10 – KB5041773/KB5041578/KB5041580
- Windows 11 – KB5041571/KB5041592
- Windows Server 2008 – KB5041847/KB5041850
- Windows Server 2012 – KB5041828/KB5041851
- Windows Server 2016 – KB5041773
- Windows Server 2022 – KB5041847
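The two steps above (check whether the August update is installed, and unbind IPv6 as a stop-gap if it is not) can be scripted for a fleet. The following is an added example written for this alert, not code from SecuLore or Microsoft; it assumes the KB list above is accurate and uses only the built-in `Get-HotFix` and `NetAdapter` cmdlets.

```powershell
# Added example, not part of the original SecuLore alert. Run from an elevated
# PowerShell session on the host you are checking. The KB list is copied from
# the alert above and is an assumption for this check; confirm it against the
# MSRC entry for CVE-2024-38063 before relying on the result.

$AugustKBs = @(
    'KB5041773', 'KB5041578', 'KB5041580',   # Windows 10 / Server 2016 (as listed)
    'KB5041571', 'KB5041592',                # Windows 11 (as listed)
    'KB5041847', 'KB5041850',                # Server 2008 / Server 2022 (as listed)
    'KB5041828', 'KB5041851'                 # Server 2012 (as listed)
)

# 1. Patch status: is one of the August 2024 packages installed?
$installed = Get-HotFix | Where-Object { $AugustKBs -contains $_.HotFixID }
if ($installed) {
    Write-Host "Patched: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No August 2024 update found; treat this host as vulnerable."
}

# 2. Exposure: which adapters still have the IPv6 stack (ms_tcpip6) bound?
$ipv6Bound = Get-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled }
$ipv6Bound | Select-Object Name, InterfaceDescription, Enabled | Format-Table -AutoSize

# 3. Temporary mitigation when the host is unpatched: unbind IPv6 from every
#    adapter. Microsoft's advisory states hosts with IPv6 disabled are not affected.
if (-not $installed -and $ipv6Bound) {
    Disable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6
    Write-Host "IPv6 unbound from all adapters. Re-enable after patching with:"
    Write-Host "  Enable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6"
}

# 4. Verify the binding state after the change.
Get-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled
```

Two caveats when using this. `Get-HotFix` lists the packages actually installed, and Windows cumulative updates supersede each other, so a host that received a later month's update will not show an August KB and the script will warn even though the fix is present; on such hosts compare the OS build number from `winver` or `Get-ComputerInfo` against the Security Update Guide instead. Unbinding `ms_tcpip6` removes IPv6 from the adapters without unloading the stack; the more thorough, reboot-requiring option Microsoft documents is the `DisabledComponents` registry value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters`. Either way, restore IPv6 once the update is installed.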
Solutions
With any vulnerability that carries a high likelihood of exploitation and high impact, it is important to have a clear understanding of the exposure within your own network. Contact SecuLore for a Cyber Benchmark to begin a cybersecurity risk assessment; it identifies vulnerabilities in your network and provides actionable recommendations, including immediate remediation options, based on real data captured from your network during the assessment.
If you are concerned about this flaw affecting your network, contact SecuLore for information on monitoring options that detect malicious traffic attempting to exploit vulnerabilities on your network.
SecuLore CyberSight™ provides attack-surface management and monitoring through our patented technology, detecting vulnerabilities in your network and anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center and processed through a unique behavioral analysis that is continuously reviewed by our team of Certified Ethical Hackers (CEH).
Stay cyber-safe,
SecuLore Support Team
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.