CVE-2024-38063: IPv6 Remote Code Execution vulnerability
ALERT
Microsoft has disclosed a critical (CVSS 9.8) TCP/IP remote code execution (RCE) vulnerability that impacts all Windows systems utilizing IPv6. To conduct this attack, an unauthenticated threat actor can repeatedly send specially crafted IPv6 packets to a target system, leading to remote code execution. Systems that have IPv6 disabled are not susceptible to this vulnerability.
Severity
Rated 9.8 on the severity scale. :fearful:
If this does not induce panic, I do not know what else will.
Notes
- Zero-click with no user intervention involved. A system can be compromised merely by being connected to a network and receiving maliciously crafted IPv6 broadcast packets. No social engineering required.
Recommendations
- Patch your Windows system immediately.
- Disable IPv6 if you do not need or use it.
- Disconnect unpatched systems from the Internet/network.
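
One way to carry out the "disable IPv6" recommendation on a Windows host, as an added example that is not part of the original post: the script reports which adapters have the IPv6 binding (`ms_tcpip6`) enabled and, only when asked, disables it where no non-link-local IPv6 address is present. The `-DisableUnused` switch name and the "no routable address means unused" heuristic are assumptions of this example; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): audit the IPv6 binding per adapter
# and optionally disable it where IPv6 does not appear to be in use.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch name: without it the script only reports.
    [switch]$DisableUnused
)

$report = foreach ($binding in Get-NetAdapterBinding -ComponentID ms_tcpip6) {
    # Link-local (fe80::) addresses are auto-assigned whenever the binding is on,
    # so only other IPv6 addresses are counted as a sign of real use.
    # Assumption: this is a heuristic, not proof that nothing depends on IPv6.
    $routable = @(
        Get-NetIPAddress -InterfaceAlias $binding.Name -AddressFamily IPv6 `
            -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress -notlike 'fe80*' }
    )

    [pscustomobject]@{
        Adapter      = $binding.Name
        IPv6Bound    = $binding.Enabled
        RoutableIPv6 = $routable.Count
        Candidate    = ($binding.Enabled -and $routable.Count -eq 0)
    }
}

# Always show the audit result, even when nothing is changed.
$report | Format-Table -AutoSize

if ($DisableUnused) {
    foreach ($row in $report | Where-Object { $_.Candidate }) {
        # ShouldProcess makes -WhatIf and -Confirm work for the change below.
        if ($PSCmdlet.ShouldProcess($row.Adapter, 'Disable IPv6 binding (ms_tcpip6)')) {
            Disable-NetAdapterBinding -Name $row.Adapter -ComponentID ms_tcpip6
        }
    }
}
```

Running it with `-DisableUnused -WhatIf` lists the adapters that would be changed without touching them; `Enable-NetAdapterBinding` with the same `-ComponentID` reverses the change.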
More info
- Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
- Mitigating CVE 2024-38063: Critical RCE Vulnerability On Windows Systems With IPv6
- Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
- Windows TCP/IP Remote Code Execution Vulnerability
- Trustwave Rapid Response: Windows TCP/IP RCE Vulnerability (CVE-2024-38063)