CVE-2024-38063
Windows TCP/IP IPv6 Remote Code Execution
Microsoft | CWE-191 | #RCE #Windows #IPv6 #Wormable #Network
CVSS score: 9.8 Critical (scale 0 to 10.0)
Vulnerability Description
A critical remote code execution vulnerability in the Windows TCP/IP stack allows an unauthenticated attacker to achieve RCE by sending specially crafted IPv6 packets to a Windows machine. The attack requires no user interaction and can be triggered remotely.
Recommended Mitigation
Apply the August 2024 Windows security update. As a temporary mitigation, use Group Policy or the registry to disable IPv6 on all Windows systems that do not require it.
Affected Products
Windows 11
Windows 10
Windows Server 2019
Windows Server 2022
Version constraint: All Windows versions before August 2024 Patch Tuesday
Quick Facts
- Published: 2024-08-13
- Last Modified: 2024-08-16
- Vendor: Microsoft
- CWE: CWE-191
- Exploit: ✅ No Known Exploit
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H