Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.

CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and a CVSSv3 score of 9.8. Key details include:

  • An attacker can remotely exploit this vulnerability by sending specially crafted IPv6 packets to a target host.
  • No user interaction is required, making this a “0-click” vulnerability.
  • Only IPv6 packets can be abused to exploit this vulnerability.
  • Microsoft has rated the vulnerability as “Exploitation More Likely.”

The vulnerability impacts all supported versions of:

  • Windows
  • Windows Server (including Server Core installations).

Microsoft has released patches for all affected versions of Windows and Windows Server. Organisations are strongly advised to apply these updates as soon as possible.

Mitigations

The following actions are recommended:

  1. Apply the latest Microsoft security updates immediately.
  2. Prioritise patching internet-facing systems.
  3. Consider disabling IPv6 if not needed in your environment.
  4. Monitor for any suspicious network activity, particularly involving IPv6 traffic.
  5. Implement network segmentation to limit potential lateral movement if a system is compromised.

Further reading

https://cybersecuritynews.com/0-click-rce-windows-tcp-ip/amp/