CVE-2024-38063 is a critical security vulnerability affecting the Windows TCP/IP stack, particularly in the handling of IPv6 packets. This vulnerability is especially dangerous because it can lead to remote code execution (RCE) without any user interaction—making it a "zero-click" vulnerability. The flaw is caused by an integer underflow issue, which can be exploited by an attacker to trigger a buffer overflow. Once successfully exploited, this could allow the attacker to execute arbitrary code on the affected system, potentially leading to full system compromise.

How could an attacker exploit this vulnerability?

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.