Threat Intel: Windows TCP/IP (IPv6) Remote Code Execution Vulnerability CVE-2024-38063


CVE-2024-38063 is a critical security vulnerability affecting the Windows TCP/IP stack, particularly in the handling of IPv6 packets. This vulnerability is especially dangerous because it can lead to remote code execution (RCE) without any user interaction—making it a "zero-click" vulnerability. The flaw is caused by an integer underflow issue, which can be exploited by an attacker to trigger a buffer overflow. Once successfully exploited, this could allow the attacker to execute arbitrary code on the affected system, potentially leading to full system compromise.

How could an attacker exploit this vulnerability?

An unauthenticated attacker could repeatedly send specially crafted IPv6 packets to a Windows machine, which could enable remote code execution.

Remediation

Install security update KB5041828

Temporary workaround: disable IPv6 on connected adapters until the update is installed.
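The following PowerShell is an added example, not part of the original advisory: it audits a host for the remediation above (is the update present, which adapters still have IPv6 bound) and, only when the update is missing and the operator asks for it, applies the IPv6 workaround. It assumes KB5041828 is the applicable cumulative update for the host's Windows build (other builds ship the fix under their own KB) and that the NetAdapter module is available; the script must run elevated to change bindings.

```powershell
# Added example (not from the original advisory): audit a Windows host for the
# CVE-2024-38063 remediation and optionally apply the IPv6 workaround.
# Assumptions: KB5041828 is the right package for this build; run elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$KbId = 'KB5041828',
    [switch]$ApplyWorkaround   # disable IPv6 binding on adapters if the patch is missing
)

# 1. Is the update installed? Get-HotFix reads Win32_QuickFixEngineering, where
#    cumulative updates are registered by KB number.
$patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

# 2. Which adapters still have the IPv6 stack (component ms_tcpip6) enabled?
$ipv6Bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled } |
    Select-Object Name, ComponentID, Enabled)

# 3. Report exposure: unpatched AND at least one adapter with IPv6 bound.
[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    PatchInstalled   = $patched
    AdaptersWithIPv6 = ($ipv6Bound.Name -join ', ')
    Exposed          = (-not $patched) -and ($ipv6Bound.Count -gt 0)
} | Format-List

# 4. Temporary workaround, only when the update is absent and explicitly requested.
#    -WhatIf prints the intended changes without touching any binding.
if ($ApplyWorkaround -and -not $patched) {
    foreach ($b in $ipv6Bound) {
        if ($PSCmdlet.ShouldProcess($b.Name, 'Disable IPv6 binding (ms_tcpip6)')) {
            Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6
        }
    }
}
```

Re-enable the binding with Enable-NetAdapterBinding -ComponentID ms_tcpip6 once the update is installed; unbinding IPv6 can break services that depend on it, so test the workaround before rolling it out fleet-wide.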

More information:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063