Zero-click Windows TCP/IP RCE vulnerability fixed by Microsoft, patch now

Microsoft has warned customers to patch a critical TCP/IP remote code execution (RCE) vulnerability that affects all Windows systems with IPv6 enabled. The vulnerability, tracked as CVE-2024-38063, is caused by an integer underflow weakness and can be exploited to trigger buffer overflows, allowing attackers to execute arbitrary code.

The security bug has been labeled “wormable,” meaning it could be used in widespread attacks targeting all IPv6-enabled Windows devices. Microsoft advises customers to apply the latest Windows security updates immediately due to the increased likelihood of exploitation.

For those who cannot install the patch immediately, Microsoft recommends disabling IPv6 to mitigate the risk. However, this may cause some Windows components to stop working, as IPv6 is enabled by default on many systems.
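Before deciding between patching and the IPv6 workaround, it helps to know where IPv6 is actually bound on a host. The following read-only PowerShell inventory is an added example, not code from Microsoft or the source article; it assumes the built-in NetAdapter and NetTCPIP modules (Windows 8 / Server 2012 and later) and makes no changes to the system.

```powershell
# Added example: read-only inventory of IPv6 state on this host. Changes nothing.

# ms_tcpip6 is the component ID of the IPv6 protocol binding on a network adapter.
$bindings = Get-NetAdapterBinding -ComponentID 'ms_tcpip6' -ErrorAction Stop

$report = foreach ($b in $bindings) {
    $adapter = Get-NetAdapter -Name $b.Name -ErrorAction SilentlyContinue
    $addrs   = Get-NetIPAddress -InterfaceAlias $b.Name -AddressFamily IPv6 `
                                -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Adapter       = $b.Name
        Status        = $adapter.Status          # Up / Disconnected / Disabled
        IPv6Bound     = $b.Enabled               # $true = IPv6 stack bound to this NIC
        IPv6Addresses = ($addrs.IPAddress -join ', ')
    }
}
$report | Sort-Object Adapter | Format-Table -AutoSize

# System-wide IPv6 setting. The DisabledComponents value is absent by default;
# 0xFF is the documented value for disabling IPv6.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$dc  = (Get-ItemProperty -Path $key -Name DisabledComponents `
                         -ErrorAction SilentlyContinue).DisabledComponents
if ($null -eq $dc) {
    'DisabledComponents: not set (IPv6 left at its default)'
} else {
    'DisabledComponents: 0x{0:X}' -f $dc
}

# Adapters that are up with IPv6 still bound: these are the ones to prioritise.
$active = @($report | Where-Object { $_.Status -eq 'Up' -and $_.IPv6Bound })
'{0} active adapter(s) with IPv6 bound' -f $active.Count

# Most recent installed updates, to compare by hand against the KB number that
# Microsoft's advisory for CVE-2024-38063 lists for this Windows version.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```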

The vulnerability can be exploited by repeatedly sending specially crafted IPv6 packets that trigger buffer overflows, allowing attackers to execute arbitrary code. Microsoft warns that blocking IPv6 on the local Windows firewall will not prevent exploitation, because the vulnerability is triggered before the packet is processed by the firewall.

In a statement, Microsoft emphasized the severity of the issue and encouraged customers to apply the patch as soon as possible to block potential attacks using CVE-2024-38063 exploits.
Source: https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/