Tag Archives: TCPIP

Progress in exploitation of Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063)

Progress in exploitation of Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063). The vulnerability is from the August Patch Tuesday. 2 weeks ago I already wrote why it is potentially dangerous. Now the danger has increased significantly:

🔻 On August 24, a PoC of the exploit appeared on GitHub. There is a video with the launch of a small python script (39 lines), causing Windows to crash with the error “KERNEL SECURITY CHECK FAILURE”. Looks more like DoS than RCE. But this is only for now.

🔻 Well-known researcher Marcus Hutchins posted a blog post titled “CVE-2024-38063 – Remotely Exploiting The Kernel Via IPv6“. It describes the technical details of exploiting the vulnerability.

The probability that the vulnerability will be exploited in the wild has increased significantly.

❗️ Check if the vulnerability is patched or increase the priority of the fix if it is not yet.

На русском

Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063)

Leave a reply

Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063). Vulnerability from August Microsoft Patch Tuesday. No exploits or signs of exploitation in the wild have yet been discovered, but the description of the vulnerability looks scary. 😱

An unauthenticated attacker sends IPv6 packets to a Windows computer and this results in remote code execution. CVSS 9.8, “Exploitation More Likely”.

🔹 If IPv6 is disabled, the vulnerability is not exploited. But by default it is enabled. 😏
🔹 Blocking IPv6 on the local Windows firewall will not prevent exploitation (exploitation occurs before the packet is processed by the firewall). 🤷‍♂️

The vulnerability was found by experts from the Chinese information security company Cyber Kunlun. When technical details and exploits for the vulnerability appear, it may be very critical and “wormable”. 🪱

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: TCPIP

Progress in exploitation of Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063)

Remote Code Execution – Windows TCP/IP IPv6 (CVE-2024-38063)