Microsoft warned prospects this Tuesday to patch a essential TCP/IP distant code execution (RCE) vulnerability with an elevated probability of exploitation that impacts all Home windows programs utilizing IPv6, which is enabled by default.
Tracked as CVE-2024-38063, this safety bug is brought on by an Integer Underflow weak point, which attackers may exploit to set off buffer overflows that can be utilized to execute arbitrary code on weak Home windows 10, Home windows 11, and Home windows Server programs.
As the corporate explains, unauthenticated attackers can exploit the flaw remotely in low-complexity assaults by repeatedly sending IPv6 packets that embrace specifically crafted packets.
Microsoft additionally shared its exploitability evaluation for this essential vulnerability, tagging it with an “exploitation more likely” label, which signifies that risk actors may create exploit code to “consistently exploit the flaw in attacks.”
“Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created,” Redmond explains.
“As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with a higher priority.”
As a mitigation measure for individuals who cannot instantly set up this week’s Home windows safety updates, Microsoft recommends disabling IPv6 to take away the assault floor.Â
Nonetheless, on its assist web site, the corporate says the IPv6 community protocol stack is a “mandatory part of Windows Vista and Windows Server 2008 and newer versions” and does not suggest toggling off IPv6 or its elements as a result of this would possibly trigger some Home windows elements to cease working.
Wormable vulnerability
Head of Risk Consciousness at Pattern Micro’s Zero Day Initiative Dustin Childs additionally labeled the CVE-2024-38063 bug as one of the vital extreme vulnerabilities mounted by Microsoft this Patch Tuesday, tagging it as a wormable flaw.
“The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target,” Childs stated.
“That means it’s wormable. You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything.”
Whereas Microsoft and different corporations warned Home windows customers to patch their programs as quickly as doable to dam potential assaults utilizing CVE-2024-38063 exploits, this is not the primary and certain will not be the final Home windows vulnerability exploitable utilizing IPv6 packets.
Over the past 4 years, Microsoft has patched a number of different IPv6 points, together with two TCP/IP flaws tracked as CVE-2020-16898/9 (additionally referred to as Ping of Loss of life), that may be exploited in distant code execution (RCE) and denial of service (DoS) assaults utilizing malicious ICMPv6 Router Commercial packets.
Moreover, an IPv6 fragmentation bug (CVE-2021-24086) left all Home windows variations weak to DoS assaults, and a DHCPv6 flaw (CVE-2023-28231) made it doable to achieve RCE with a specifically crafted name.
Although attackers are but to use them in widespread assaults focusing on all IPv6-enabled Home windows gadgets, customers are nonetheless suggested to use this month’s Home windows safety updates instantly because of CVE-2024-38063’s elevated probability of exploitation.