The Download
Microsoft announced a rare 0-click vulnerability (CVE-2024-38063) with CVSS severity score of 9.8/10 in the Windows TCP/IP stack that does not require any user interaction in order to exploit and possibly take over the system. Microsoft has released a patch for the vulnerability and urgently asks businesses to immediately patch. A quick summary of the vulnerability is below.
Critical Vulnerability: A 0-click remote code execution (RCE) vulnerability (CVE-2024-38063) was found in the Windows TCP/IP stack, affecting all Windows systems, including servers.
No User Interaction Needed: Attackers can exploit this flaw by sending specially crafted IPv6 packets, requiring no user interaction.
Potential Full System Control: Successful exploitation grants attackers full control over the targeted system.
Urgent Patching Required: Microsoft has released patches and advises immediate updates.
Disabling IPv6 as a Mitigation: Disabling IPv6 is recommended if not necessary for your environment.
What You Can Do
There are specific steps to mitigate the risk of this vulnerability. As of today, we have not seen weaponized exploits of this vulnerability, but this is likely to change soon. Here is what you can do to stay in front of this.
Apply Patches Immediately: Ensure all systems are updated with the latest Microsoft security patches. Prioritize Internet-facing systems.
Review IPv6 Usage: Disable IPv6 on systems where it is not essential to reduce the attack surface.
Enhance Monitoring: Implement robust network monitoring for suspicious IPv6 traffic to detect potential exploitation attempts.
Within the ThreatMate console, go to the Reporting tab on the left and select Vulnerability Search. From here you can enter CVE-2024-38063 and ThreatMate will identify all machines vulnerable to this attack. Important to note that the EPSS score for this vulnerability is still very low (0.09%). But we expect this to change in the coming days as the vulnerability finds its way into exploit toolkits.
To Learn More: