CVE-2024-38063 : Windows TCP/IP Remote Code Execution Vulnerability

Severity Rating: CRITICAL

Software Affected: All Windows systems which are using IPv6

Overview:

A vulnerability has been reported in Microsoft windows which could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Description:

This vulnerability exists due to an Integer Underflow weakness that attackers can exploit to initiate buffer overflow. An unauthenticated attacker could repeatedly send specially crafted IPv6 packets to a Windows machine, potentially leading to remote code execution.

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Workaround:

Systems are not affected if IPv6 is disabled on the target machine. If IPv6 is not needed in your environment, consider disabling it.

Solution:

Apply appropriate updates as mentioned by the vendor.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *