Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Pierluigi Paganini August 16, 2024

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled.

Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).

An unauthenticated attacker can exploit the flaw by repeatedly sending IPv6 packets, including specially crafted packets, to a Windows machine which could lead to remote code execution.

Microsoft confirmed that a threat actor can exploit this flaw in a low-complexity attack and its exploitability assessment labels the issue as “exploitation more likely.” This label suggests that Microsoft is aware of past instances of this type of vulnerability being exploited.

Kunlun Lab’s XiaoWei discovered the flaw several months ago, he urged customers to apply the patches because the “exploitation is more likely.”

The flaw is a buffer overflow issue that can be exploited to achieve arbitrary code execution on vulnerable Windows 10, Windows 11, and Windows Server systems.

XiaoWei pointed out that blocking IPv6 on the local Windows firewall cannot prevent the exploitation of the issue because the vulnerability is triggered before it is processed by the firewall.

Microsoft recommends disabling IPv6 as a mitigation measure.

The issue was addressed by Microsoft with the release of Patch Tuesday security updates for August 2024 that also fixed the following actively exploited flaws:

CVETitleSeverityCVSSPublicExploitedType
CVE-2024-38189Microsoft Project Remote Code Execution VulnerabilityImportant8.8NoYesRCE
CVE-2024-38178Scripting Engine Memory Corruption VulnerabilityImportant7.5NoYesRCE
CVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38106Windows Kernel Elevation of Privilege VulnerabilityImportant7NoYesEoP
CVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38213Windows Mark of the Web Security Feature Bypass VulnerabilityModerate6.5NoYesSFB

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TCP/IP)



you might also like

leave a comment