A vulnerability was found in the IPv6 implementation in Windows that allows attackers to infect computers remotely and unnoticed

Microsoft has warned of the need to install a patch that fixes a vulnerability threatening all Windows systems on which the IPv6 protocol is enabled, which is the default. The vulnerability lies in the implementation of TCP/IP: it allows remote code execution, and the likelihood of its exploitation is assessed as high.


The discovery was made by expert Xiao Wei from Kunlun Lab. The vulnerability, identified as CVE-2024-38063, is caused by an integer underflow and can be exploited to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems. The author of the discovery said that, due to the degree of the threat, he would not disclose details about the vulnerability in the near future, but he warned that blocking IPv6 on the local Windows Firewall will not close the vulnerability, since it is exploited before the firewall processes the traffic.

Unauthenticated attackers can remotely exploit the vulnerability, Microsoft explained, by repeatedly sending IPv6 packets, including specially crafted ones. “Moreover, Microsoft is aware of past exploits of this type of vulnerability. This makes it an attractive target for attackers and thus increases the likelihood of creating exploits,” the company added. Windows users are advised to install this week’s security updates. Completely disabling IPv6 may cause some system components to stop working because it is an integral part of Windows Vista and Windows Server 2008 and later versions.

Dustin Childs, director of threat awareness for Trend Micro’s Zero Day Initiative, called CVE-2024-38063 one of the most serious vulnerabilities fixed in this week’s Windows update. It allows a potential attacker to remotely execute code simply by sending specially crafted IPv6 packets; no victim involvement is required. You can prevent its exploitation by completely blocking IPv6, but this protocol is enabled by default in almost all components. This means that attackers could write a worm, a malicious program that spreads through computer networks on its own, that takes advantage of CVE-2024-38063.
