
CRITICAL - CVE-2024-38063 | Microsoft Windows with Wormable Score 9.8 leads to RCE


Link State

Hello everyone,
A serious new 9.8 vulnerability has been discovered in the TCP IPv6 protocol.

Microsoft explained in its official communication that attackers can exploit the bug remotely by repeatedly sending specially prepared IPv6 packets. The problem is characterised by low exploitation complexity, which increases the likelihood of its use in attacks. The company noted that similar vulnerabilities have been attacked in the past, which makes this bug particularly attractive to attackers.

It is strongly recommended to patch or disable IPv6. On cloud platforms (Azure, AWS, GCP) servers expose public IPs.

CVE-2024-38063 is a zero-click vulnerability that utilizes specially crafted packets to trigger a buffer overflow vulnerability that can be used to execute arbitrary code on vulnerable systems.

The vulnerability can be mitigated by turning off IPv6 on vulnerable machines or blocking incoming IPv6 traffic in the firewall. Businesses should consider implementing one of these measures until vulnerable machines are patched. Servers accessible from the Internet should be given priority. Microsoft has already released a patch to fix this problem, released on August 13, 2024.

August 13, 2024—KB5041160 (OS Build 20348.2655) - Microsoft Support

CVE-2024-38063 - Security Update Guide - Microsoft - Windows TCP/IP Remote Code Execution Vulnerability

The company pointed out that the vulnerability has ‘wormable’ status, which means it can spread between systems without user interaction, similar to computer worms. Trend Micro also pointed out that IPv6 is enabled by default on almost all devices, which makes it difficult to prevent attacks.


NVD - CVE-2024-38063 (nist.gov)

For those who cannot install the patch immediately, the workaround is to disable IPv6.
However, MS warns that disabling IPv6 may cause some Windows components to malfunction, as the protocol is a mandatory part of the operating system.

Configure IPv6 for advanced users - Windows Server | Microsoft Learn

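DOS

REM Run from an elevated prompt; the new value takes effect after a restart.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ /v DisabledComponents /t REG_DWORD /d 0xFF /f

PowerShell

# List every adapter binding for the IPv6 component and whether it is enabled.
Get-NetAdapterBinding | Where-Object ComponentID -EQ 'ms_tcpip6'
# Unbind IPv6 from the adapter named 'Ethernet' (substitute the adapter name listed above).
Disable-NetAdapterBinding -Name 'Ethernet' -ComponentID 'ms_tcpip6'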

Regards
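
An added example, not part of the original post: a read-only PowerShell check that reports, for the local host, the patch level, the DisabledComponents value and the adapters that still have IPv6 bound. The function name is hypothetical, and the patch check assumes only the build quoted in the post (20348.2655, KB5041160); other Windows builds are reported as unknown.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumption: only the build/revision quoted in the post is known to this script.
$PatchedBuild = 20348   # OS build named in the post (KB5041160)
$PatchedUbr   = 2655    # update revision named in the post

function Get-Cve202438063Status {   # hypothetical helper name
    # Current OS build and update revision (UBR) from the registry.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    # Patch level is only decidable for the build the post gives a number for.
    if ($build -ne $PatchedBuild) {
        $patch = 'Unknown (look up this build in the Security Update Guide)'
    } elseif ($ubr -ge $PatchedUbr) {
        $patch = 'Patched'
    } else {
        $patch = 'Missing'
    }

    # Registry workaround from the post: DisabledComponents = 0xFF.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $p   = Get-ItemProperty $key -Name DisabledComponents -ErrorAction SilentlyContinue
    $dc  = if ($p) { '0x{0:X}' -f $p.DisabledComponents } else { 'not set' }

    # Adapters that still have the IPv6 component bound and enabled.
    $bound = @(Get-NetAdapterBinding -ComponentID 'ms_tcpip6' | Where-Object Enabled)

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        OsBuild            = "$build.$ubr"
        PatchStatus        = $patch
        DisabledComponents = $dc
        IPv6BoundAdapters  = ($bound.Name -join ', ')
        # Flag hosts with no confirmed patch and no workaround in place.
        NeedsAction        = ($patch -ne 'Patched') -and
                             ($bound.Count -gt 0) -and
                             ($dc -ne '0xFF')
    }
}

Get-Cve202438063Status | Format-List
```

A DisabledComponents value that was set after the last boot is reported here even though it has not yet taken effect, so check the host's last restart time before relying on it.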

2 comments

Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8494 comments
  • August 22, 2024

It is interesting nowadays to see protocols having CVEs.  Thanks for sharing this.


coolsport00
  • Veeam Legend
  • 4142 comments
  • August 22, 2024

Yeah...saw a friend post a lot of comments about that last wk. Didn’t spend much time reading about it yet, so I really appreciate the share @Link State 

