Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.
CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and a CVSSv3 score of 9.8. Key details include:
Successful exploitation of CVE-2024-38063 could allow an attacker to execute arbitrary code on the target system with SYSTEM privileges. This level of access would give the attacker full control over the compromised machine.
“An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution,” Microsoft said.
The vulnerability impacts all supported versions of:
Microsoft has released patches for all affected versions of Windows and Windows Server. Organizations are strongly advised to apply these updates as soon as possible.
As an additional mitigation, Microsoft recommends disabling IPv6 if it is not required, as the vulnerability can only be exploited via IPv6 packets.
Microsoft also patched 6 Zero-Days That Threat Actors Actively Exploiting in the Wild.
Mitigations
Security experts recommend the following actions:
Given the critical nature of this vulnerability and its potential for widespread impact, organizations should treat addressing CVE-2024-38063 as a top priority.
“The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year,” Microsoft added.
#Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
Author: Guru BaranMicrosoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.
CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and a CVSSv3 score of 9.8. Key details include:
- An attacker can remotely exploit this vulnerability by sending specially crafted IPv6 packets to a target host.
- No user interaction is required, making this a “0-click” vulnerability.
- Only IPv6 packets can be abused to exploit this vulnerability.
- Microsoft has rated the vulnerability as “Exploitation More Likely.”
Successful exploitation of CVE-2024-38063 could allow an attacker to execute arbitrary code on the target system with SYSTEM privileges. This level of access would give the attacker full control over the compromised machine.
“An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution,” Microsoft said.
The vulnerability impacts all supported versions of:
- Windows
- Windows Server (including Server Core installations).
Microsoft has released patches for all affected versions of Windows and Windows Server. Organizations are strongly advised to apply these updates as soon as possible.
As an additional mitigation, Microsoft recommends disabling IPv6 if it is not required, as the vulnerability can only be exploited via IPv6 packets.
Microsoft also patched 6 Zero-Days That Threat Actors Actively Exploiting in the Wild.
Mitigations
Security experts recommend the following actions:
- Apply the latest Microsoft security updates immediately.
- Prioritize patching internet-facing systems.
- Consider disabling IPv6 if not needed in your environment.
- Monitor for any suspicious network activity, particularly involving IPv6 traffic.
- Implement network segmentation to limit potential lateral movement if a system is compromised.
Given the critical nature of this vulnerability and its potential for widespread impact, organizations should treat addressing CVE-2024-38063 as a top priority.
“The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year,” Microsoft added.
#Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
