Zero-Click Flaw Discovered in All Windows Versions

Microsoft has warned users of a critical vulnerability in its TCP/IP stack that allows remote code execution (RCE) on all Windows systems with the default IPv6 protocol enabled.

The vulnerability, identified as CVE-2024-38063 (CVSS 9.8), is an integer underflow that attackers can exploit to execute arbitrary code on susceptible Windows 10, Windows 11, and Windows Server systems. The flaw was discovered by the Kunlun Lab security researcher known as Xiaowei.

Xiaowei has chosen not to disclose further details for now because of the severity of the threat. The researcher also pointed out that blocking IPv6 with the local Windows firewall will not prevent exploitation, because the error is triggered before the firewall processes the packets.

In its official advisory, Microsoft explained that attackers could exploit the flaw remotely by repeatedly sending specially crafted IPv6 packets. The vulnerability has low attack complexity, which increases the likelihood of its use in attacks. The company noted that similar vulnerabilities have been exploited before, which makes this issue even more attractive to attackers.

For users who cannot immediately install the latest security updates, Microsoft suggests disabling IPv6 to reduce the risk of attack. The company cautioned, however, that disabling IPv6 may cause certain Windows components to malfunction, as the protocol has been an integral part of the operating system since Windows Vista and Windows Server 2008.
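The disable-IPv6 workaround described above, as an added PowerShell example that is not from the article or from Microsoft: it assumes an elevated shell on Windows 8 / Server 2012 or later (where the NetAdapter cmdlets exist), reports which adapters still have IPv6 bound, and only changes anything when run with -Apply.

```powershell
# Added example (not from the article or Microsoft): inventory IPv6 bindings and,
# on request, apply the "disable IPv6" workaround for hosts that cannot be patched yet.
# Assumes an elevated shell on Windows 8 / Server 2012 or later.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # without -Apply the script only reports
)

# 1. Which adapters still have the IPv6 stack bound? Each one is an ingress point
#    for the unpatched Tcpip6 driver, regardless of local firewall rules.
$bound = Get-NetAdapterBinding -ComponentID 'ms_tcpip6' |
    Where-Object { $_.Enabled }

if (-not $bound) {
    Write-Host 'IPv6 is not bound on any adapter; workaround already in place.'
    return
}

$bound | Select-Object Name, DisplayName, Enabled | Format-Table -AutoSize

if (-not $Apply) {
    Write-Host "$(@($bound).Count) adapter(s) expose IPv6. Re-run with -Apply to unbind."
    return
}

# 2. Unbind IPv6 per adapter (reversible later with Enable-NetAdapterBinding).
foreach ($b in $bound) {
    if ($PSCmdlet.ShouldProcess($b.Name, 'Disable ms_tcpip6 binding')) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID 'ms_tcpip6'
    }
}

# 3. Also set DisabledComponents so tunnel interfaces (Teredo, 6to4, ISATAP) and
#    adapters added later do not re-expose the stack. 0xFF disables every IPv6
#    component except loopback (documented by Microsoft in KB929852); it takes
#    effect after a reboot.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
if ($PSCmdlet.ShouldProcess($key, 'Set DisabledComponents = 0xFF')) {
    New-ItemProperty -Path $key -Name 'DisabledComponents' -PropertyType DWord `
        -Value 0xFF -Force | Out-Null
}

# Per the advisory, some Windows components may misbehave without IPv6:
# re-enable the bindings and remove the registry value once the update is installed.
Write-Warning 'IPv6 disabled on this host. Reboot for the registry change to apply.'
```

Run it once without -Apply to see the exposure, then with `-Apply -WhatIf` to preview the changes before committing them.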

Trend Micro described CVE-2024-38063 as one of the most serious vulnerabilities addressed in Microsoft's current security update. The company stressed that the flaw is deemed “exploitable,” meaning it could spread between systems without user intervention, in the manner of a computer worm. Trend Micro also noted that IPv6 is enabled by default on almost all devices, which complicates preventing such attacks.
