Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063). Vulnerability from August Microsoft Patch Tuesday. No exploits or signs of exploitation in the wild have yet been discovered, but the description of the vulnerability looks scary. 😱
An unauthenticated attacker sends IPv6 packets to a Windows computer and this results in remote code execution. CVSS 9.8, “Exploitation More Likely”.
🔹 If IPv6 is disabled, the vulnerability is not exploited. But by default it is enabled. 😏
🔹 Blocking IPv6 on the local Windows firewall will not prevent exploitation (exploitation occurs before the packet is processed by the firewall). 🤷♂️
The vulnerability was found by experts from the Chinese information security company Cyber Kunlun. When technical details and exploits for the vulnerability appear, it may be very critical and “wormable”. 🪱
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.