A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated RCE. No user interaction is required, making this a zero-click vulnerability. This vulnerability affects all supported versions of Windows and Windows Servers.
This remote code vulnerability enables an unauthenticated attacker to repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. Microsoft has released urgent security patches and recommends to install these asap.
It has been assigned a CVSS score of 9.8. With a low complexity to exploit, can be performed unauthenticated and exploited remotely. Successful exploitation leads to SYSTEM level execution on the target endpoint.
Further Reading:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
- https://www.cve.org/CVERecord?id=CVE-2024-38063
CyberMaxx is monitoring the situation and providing updates to customers as new information becomes available. We currently recommend organizations apply the patches provided by Microsoft. This vulnerability can only be exploited by specially crafted IPv6 packets to be sent to the vulnerable endpoint, we recommend disabling IPv6 if not business critical to reduce this attack surface.