Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default.

Discovered by Kunlun Lab's XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that can be used to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems.

“Considering its harm, I will not disclose more details in the short term,” the security researcher told BleepingComputer, adding that blocking IPv6 on the local Windows firewall will not block exploits because the vulnerability is triggered before it is processed by the firewall.

As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets to a target Windows machine.

Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.”

“Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created,” Redmond explains.

“As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with a higher priority.”

As a mitigation measure for those who cannot immediately install this week's Windows security updates, Microsoft recommends disabling IPv6 to remove the attack surface.

However, on its support website, the company says the IPv6 network protocol stack is a “mandatory part of Windows Vista and Windows Server 2008 and newer versions” and doesn't recommend toggling off IPv6 or its components because this might cause some Windows components to stop working.
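The following PowerShell is an added example for this article, not code from Microsoft or from the researcher. It audits which adapters have the IPv6 protocol bound and, for hosts that genuinely cannot take the update yet, applies the two standard ways of removing the IPv6 attack surface: unbinding the ms_tcpip6 component from each adapter and setting the DisabledComponents registry value (0xFF) that Microsoft's support guidance documents for disabling IPv6. The function and parameter names are the example's own; the cmdlets and the registry key are standard Windows ones. It does not check whether the August 2024 update is installed, since the article gives no KB identifier.

```powershell
# Added example (not from the article, Microsoft, or Kunlun Lab): audit and,
# optionally, remove the IPv6 attack surface on a Windows host that cannot be
# patched for CVE-2024-38063 yet. Run from an elevated PowerShell session.
# Function names (Get-IPv6Exposure, Disable-IPv6Surface, Enable-IPv6Surface)
# are the example's own; the cmdlets and registry key are standard Windows ones.

function Get-IPv6Exposure {
    # List every adapter with the IPv6 protocol (ms_tcpip6) bound, together with
    # the non-link-local IPv6 addresses it currently holds. Link-local (fe80::/10)
    # addresses are filtered out only for readability; the bug is reachable
    # through any IPv6 traffic the stack accepts.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object Enabled |
        ForEach-Object {
            $addrs = Get-NetIPAddress -InterfaceAlias $_.Name -AddressFamily IPv6 -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress -notlike 'fe80:*' }
            [pscustomobject]@{
                Adapter        = $_.Name
                IPv6Bound      = $true
                GlobalIPv6Addr = ($addrs.IPAddress -join ', ')
            }
        }
}

function Disable-IPv6Surface {
    # Two layers:
    # 1. Unbind ms_tcpip6 from every adapter so the stack receives no IPv6 frames
    #    from the wire. A host-firewall rule is not a substitute: the researcher
    #    notes the bug is triggered before firewall processing.
    # 2. Set the DisabledComponents value (0xFF) that Microsoft documents for
    #    disabling IPv6 system-wide; this part takes effect after a reboot.
    # Microsoft warns that disabling IPv6 can break some Windows components,
    # so treat this as a stopgap until the update is installed.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Name, 'Disable IPv6 binding')) {
            Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6
        }
    }

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    if ($PSCmdlet.ShouldProcess($key, 'Set DisabledComponents = 0xFF')) {
        New-ItemProperty -Path $key -Name DisabledComponents -PropertyType DWord -Value 0xFF -Force | Out-Null
    }
}

function Enable-IPv6Surface {
    # Reverse both changes once the security update has been installed.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { -not $_.Enabled } |
        ForEach-Object { Enable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6 }
    Remove-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
        -Name DisabledComponents -ErrorAction SilentlyContinue
}

# Usage:
#   Get-IPv6Exposure | Format-Table
#   Disable-IPv6Surface -WhatIf    # preview the changes
#   Disable-IPv6Surface            # apply, then reboot
#   Enable-IPv6Surface             # after patching, then reboot
```

Run `Get-IPv6Exposure` first on a representative host to see which adapters would be affected; `-WhatIf` on `Disable-IPv6Surface` prints the intended changes without making them. Because Microsoft does not recommend disabling IPv6 and the only complete fix is the security update, re-enable IPv6 with `Enable-IPv6Surface` as soon as the patch is applied.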

Wormable vulnerability

Head of Threat Awareness at Trend Micro's Zero Day Initiative Dustin Childs also labeled the CVE-2024-38063 bug as one of the most severe vulnerabilities fixed by Microsoft this Patch Tuesday, tagging it as a wormable flaw.

“The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target,” Childs stated.

“That means it’s wormable. You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything.”

While Microsoft and other companies warned Windows users to patch their systems as soon as possible to block potential attacks using CVE-2024-38063 exploits, this isn't the first and likely won't be the last Windows vulnerability exploitable using IPv6 packets.

Over the last four years, Microsoft has patched several other IPv6 issues, including two TCP/IP flaws tracked as CVE-2020-16898/9 (also known as Ping of Death), that can be exploited in remote code execution (RCE) and denial of service (DoS) attacks using malicious ICMPv6 Router Advertisement packets.

Additionally, an IPv6 fragmentation bug (CVE-2021-24086) left all Windows versions vulnerable to DoS attacks, and a DHCPv6 flaw (CVE-2023-28231) made it possible to gain RCE with a specially crafted call.

Although attackers have yet to exploit them in widespread attacks targeting all IPv6-enabled Windows devices, users are still advised to apply this month's Windows security updates immediately due to CVE-2024-38063's increased likelihood of exploitation.