August 15, 2024
By Cybervergent Team

Urgent Patch Required: Zero-Click TCP/IP RCE Affects All Windows Systems with IPv6 Enabled

Microsoft has issued acritical security advisory for a newly discovered TCP/IP remote code execution(RCE) vulnerability, tracked as CVE-2024-38063. This flaw, identified by Kunlun Lab's XiaoWei, affects all Windows systems with IPv6 enabled by default, including Windows 10, Windows 11, and Windows Server versions. The vulnerability arises from an Integer Underflow issue, which could allow attackers to trigger buffer overflows and execute arbitrary code.

Key Details:

Vulnerability:CVE-2024-38063

Severity:Critical

Type:Remote Code Execution (RCE)

Impact:Affected systems can be exploited by unauthenticated attackers to execute arbitrary code remotely.

Affected Systems:Windows 10, Windows 11, Windows Server

Exploitation Potential:High likehood of exploitation, with potential for wormable attacks.

Technical Details:

CVE-2024-38063 is acritical vulnerability in the Windows TCP/IP stack related to handling IPv6 packets. The flaw stems from an integer underflow, leading to a buffer overflow, which attackers can exploit to achieve remote code execution (RCE).This means an attacker can take full control of a system by simply sending aspecially crafted IPv6 packet, with no user interaction required. The vulnerability is particularly severe because it can bypass firewall protections and has the potential to be "wormable," allowing it to spreadautomatically between systems.

Recommendations:

·      Install the latest Windows security updates provided by Microsoft toaddress CVE-2024-38063.

·      For those unable to apply the security update immediately, Microsoft recommends disabling IPv6 to mitigate the risk. However, note that disabling IPv6 may disrupt some Windows components,especially on systems running Windows Vista or Windows Server 2008 and newer.

Conclusion:

Given the potential for severe exploitation and the critical nature of CVE-2024-38063, it is crucialfor all affected Windows users to apply the available security updates immediately. Continual vigilance and prompt action are essential to safeguard against potential threats associated with this vulnerability.