Severity Rating: CRITICAL
Software Affected: All Windows systems which are using IPv6
Overview:
A vulnerability has been reported in Microsoft windows which could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.
Description:
This vulnerability exists due to an Integer Underflow weakness that attackers can exploit to initiate buffer overflow. An unauthenticated attacker could repeatedly send specially crafted IPv6 packets to a Windows machine, potentially leading to remote code execution.
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.
Workaround:
Systems are not affected if IPv6 is disabled on the target machine. If IPv6 is not needed in your environment, consider disabling it.
Solution:
Apply appropriate updates as mentioned by the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Leave a Reply