Microsoft Users Rush To Patch Zero-Click TCP/IP RCE Flaw

From the ~100 security fixes released this month by Microsoft, a critical vulnerability also received a fix, for which a researcher alerted users. Specifically, Microsoft patched a zero-click TCP/IP flaw that could allow unauthenticated remote code execution attacks.

Researcher Alerts Microsoft Users About The Zero-Click TCP/IP RCE Flaw

Security researcher XiaoWei from Kunlun Lab recently highlighted a serious security vulnerability that Microsoft has just patched.

As mentioned in Wei’s X post, a remote code execution vulnerability affected the TCP/IP module in Windows systems. The vulnerability caught the researcher’s attention ‘several months ago’, after which Wei responsibly disclosed the flaw to Microsoft.

Following Wei’s report, Microsoft addressed the vulnerability, releasing the patch with the August 2024 Patch Tuesday updates.

While this Patch Tuesday is already important for users, considering it addressed ten zero-days, the patch for nine critical vulnerabilities, including this TCP/IP flaw, makes it even more crucial for them to apply immediately.

Microsoft identified this vulnerability as CVE-2024-38063, which received a critical severity rating and a CVSS score of 9.8. Describing this vulnerability, Microsoft’s advisory reads,

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.

From the description, it is clear that the vulnerability typically targets IPv6-enabled systems. It is a serious matter, given that IPv6 comes enabled by default in the latest Windows 11. That means this security issue predominantly threatens the latest Windows systems, whereas the older systems with unsupported or disabled IPv6 remained unaffected.

How To Check/Enable/Disable IPv6 On Windows (10/11)

Although Microsoft does not recommend disabling IPv6, users must know that IPv6 isn’t generally supported yet, particularly for older devices.

Hence, while an active IPv6 might be useful in some cases, it is safe to disable IPv6 on systems in other situations, such as when using a VPN that doesn’t support IPv6, or to prevent exploitation of vulnerabilities like CVE-2024-38063.

Windows 10 and 11 users may follow this path to check IPv6 status on their device: Control Panel\Network and Internet\Network Connections. Then, right-click on the active network connection icon and go to ‘Properties.’ Next, check or uncheck the “Internet Protocol Version 6 (TCP/IPv6)” option to enable or disable IPv6.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients