this post was submitted on 19 Aug 2024
5 points (100.0% liked)

Windows

399 readers
25 users here now

For all things Windows.

founded 3 years ago
MODERATORS
 

A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated RCE. No user interaction is required, making this a zero-click vulnerability. This vulnerability affects all supported versions of Windows and Windows Servers.

This remote code vulnerability enables an unauthenticated attacker to repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. Microsoft has released urgent security patches and recommends to install these asap.

It has been assigned a CVSS score of 9.8. With a low complexity to exploit, can be performed unauthenticated and exploited remotely. Successful exploitation leads to SYSTEM level execution on the target endpoint.

From CVE 2024 38063

The following mitigating factors might be helpful in your situation: Systems are not affected if IPv6 is disabled on the target machine.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here