Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warns of a critical TCP/IP vulnerability (CVE-2024-38063) affecting all IPv6-enabled Windows systems, allowing remote code execution. Users should prioritize patching to mitigate risks, as the exploit is wormable.
Microsoft has issued a warning regarding a critical TCP/IP remote code execution (RCE) vulnerability, tracked as CVE-2024-38063, affecting all Windows systems with IPv6 enabled. This vulnerability, identified by Kunlun Lab, stems from an Integer Underflow weakness that could allow attackers to execute arbitrary code by sending specially crafted IPv6 packets. Microsoft has labeled the exploit as "more likely," indicating a high risk of exploitation. Users are advised to prioritize patching their systems to mitigate potential attacks. Although disabling IPv6 could reduce the attack surface, Microsoft cautions against this as it may disrupt essential Windows components. The vulnerability is considered wormable, meaning it could be exploited without user interaction. This is not the first instance of such vulnerabilities in Windows, as several others have been patched in recent years, highlighting a persistent security concern with IPv6. Users are urged to apply the latest security updates immediately to protect against this and similar vulnerabilities.
- Microsoft warns of a critical RCE vulnerability (CVE-2024-38063) affecting all IPv6-enabled Windows systems.
- The vulnerability allows remote code execution via specially crafted IPv6 packets.
- Users are advised to prioritize patching their systems to mitigate risks.
- Disabling IPv6 is not recommended as it may disrupt Windows functionality.
- The vulnerability is classified as wormable, increasing the urgency for updates.
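The advice above boils down to two questions per host: is the IPv6 stack bound to any adapter that is up, and has the machine taken an update since the fix shipped? The PowerShell below is an added example for answering both from an administrator shell; it is not code from the article or from Microsoft. It assumes you supply `-PatchedSince`, the release date of the cumulative update that carries the CVE-2024-38063 fix for your OS build (look it up in the Microsoft advisory; it is not given on this page), and it treats "an update installed on or after that date" as a heuristic, not as proof that the specific KB is present. It deliberately says nothing about the Windows Firewall, since the article notes the flaw is triggered before the firewall sees the packet.

```powershell
# Added example, not code from the article or from Microsoft.
# Inventories a Windows host's IPv6 exposure and patch recency for CVE-2024-38063.
# -PatchedSince is an assumption you supply: the release date of the cumulative
# update containing the fix for this OS build (from the Microsoft advisory).
param(
    [Parameter(Mandatory = $true)]
    [datetime]$PatchedSince
)

# 1. Adapters with the IPv6 stack (component ms_tcpip6) bound. Only these can
#    receive the crafted packets the advisory describes.
$ipv6Bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled } |
    Select-Object -ExpandProperty Name)

# 2. Of those, which are up, and what IPv6 addresses do they hold? Link-local
#    addresses are still reachable from the same segment, so they are listed too;
#    a global address additionally means exposure beyond the local link.
$exposed = foreach ($name in $ipv6Bound) {
    $adapter = Get-NetAdapter -Name $name -ErrorAction SilentlyContinue
    if (-not $adapter -or $adapter.Status -ne 'Up') { continue }
    $addrs = @(Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv6 `
        -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Adapter          = $name
        Addresses        = ($addrs.IPAddress -join ', ')
        HasGlobalAddress = [bool]($addrs | Where-Object { $_.IPAddress -like '2*' -or $_.IPAddress -like '3*' })
    }
}

# 3. Patch recency: date of the most recently installed update versus the fix date.
#    This is a heuristic; confirm the exact KB for the build against the advisory.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$updatedSinceFix = [bool]($latest -and $latest.InstalledOn -ge $PatchedSince)

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    OSBuild           = (Get-CimInstance Win32_OperatingSystem).BuildNumber
    IPv6BoundAdapters = $ipv6Bound.Count
    ExposedAdapters   = @($exposed)
    LatestUpdate      = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToShortDateString()))" } else { 'none recorded' }
    UpdatedSinceFix   = $updatedSinceFix
}
```

Run it as `.\Check-Ipv6Exposure.ps1 -PatchedSince '<fix release date>'` (the script name is my own). A host with `IPv6BoundAdapters` greater than zero and `UpdatedSinceFix` false is the one to patch first; a host with `HasGlobalAddress` true on an exposed adapter is reachable from beyond its own segment, which matters more than usual for a flaw the advisory calls wormable. The script reports rather than unbinds IPv6, in line with the article's note that Microsoft advises against disabling it.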
Related
Windows: Insecure by Design
Ongoing security issues in Microsoft Windows include vulnerabilities like CVE-2024-30080 and CVE-2024-30078, criticized for potential remote code execution. Concerns raised about privacy with Recall feature, Windows 11 setup, and OneDrive integration. Advocacy for Linux desktops due to security and privacy frustrations.
Hackers bypass Windows SmartScreen flaw to launch malware
Cybercriminals are exploiting a Microsoft Defender vulnerability (CVE-2024-21412) to install malware undetected. Many systems remain unpatched, making them vulnerable. Users should update Windows and be cautious with email attachments.
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft is reconsidering security vendor access to the Windows kernel after a CrowdStrike update outage affected 8.5 million PCs, emphasizing the need for improved resilience and collaboration in security practices.
The Wild West of Proof of Concept Exploit Code (PoC)
CVE-2024-6387 is a serious unauthenticated remote code execution vulnerability in OpenSSH, with complex exploitation requiring knowledge of system architecture. The exploit code contains malicious elements, emphasizing risks of untrusted code.
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
> Found by Kunlun Lab's XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that can be used to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems.
> "Considering its harm, I will not disclose more details in the short term," the security researcher tweeted, adding that blocking IPv6 on the local Windows firewall won't block exploits because the vulnerability is triggered prior to it being processed by the firewall.
> As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets.
This is pretty nasty. I'm IPv6-only on my personal infra, and it's pretty nice. End to end reachability between machines and containers, and reduced need for middle boxes like reverse proxies.
The only real defence is that ipv6 addresses are harder to guess.
I'd assume it's probably blocked by the vast majority if it's a TCP vuln (cause stateful firewalls).