Security Researcher Reveals Critical Vulnerability in Windows 10/11
Security researcher Marcus Hatchins recently published an article analyzing CVE-2024-38063, a critical vulnerability in Windows 10/11 that allows for remote code execution (RCE) through IPV6 packages. The vulnerability has been rated at 9.8 on the CVSS scale, underscoring its significance.
In his report, Hatchins details how he investigated the vulnerability following the release of the latest Windows patch on August 13. He discovered that the vulnerability affects the tcp.sys driver, a crucial component of the Windows kernel responsible for processing TCP/IP packets.
“Analyzing the patch to identify code changes was a relatively quick process. The IPV6PPROCESSOPTIONS() function was found to confirm the presence of the vulnerability,” Hatchins explained.
Despite the straightforward nature of identifying the vulnerability, the process of reverse engineering and developing a working exploit proved to be more complex. Hatchins spent weeks analyzing the code and testing various scenarios, eventually creating a Proof-Of-Concept (POC) that triggers a Denial of Service (DOS) attack but does not achieve full remote code execution.
“I had initially intended to release a working POC for DOS, but it proved challenging to consistently trigger the bug, making it impractical for widespread use,” Hatchins commented.
However, another researcher, @ynwarcs, successfully found a way to exploit the vulnerability and published a POC demonstrating the exploitation, which can be accessed here.
In concluding his report, Hatchins stresses the importance of examining such vulnerabilities and shares his insights:
“I gained valuable insights from working on this study, and I hope the article proves informative for you as well,” he remarked.