Microsoft Releases Critical Security Update for Windows Vulnerability

14 Aug 2024

Microsoft has issued an urgent security update to mitigate a significant remote code execution vulnerability identified in the Windows TCP/IP stack. This flaw, designated as CVE-2024-38063, poses a critical risk to all supported versions of Windows and Windows Server, including Server Core installations.

Understanding CVE-2024-38063

CVE-2024-38063 has been assigned a maximum severity rating of Critical, with a CVSSv3 score of 9.8. The vulnerability’s key characteristics are as follows:

  • An attacker can exploit this vulnerability remotely by sending specially crafted IPv6 packets to a targeted host.
  • No user interaction is necessary, categorizing this as a “0-click” vulnerability.
  • The exploitation is exclusively possible through IPv6 packets.

Microsoft has classified the likelihood of exploitation as “Exploitation More Likely.” Successful exploitation of CVE-2024-38063 could enable an attacker to execute arbitrary code on the affected system with SYSTEM privileges, granting them complete control over the compromised machine. According to Microsoft, “An unauthenticated attacker could repeatedly send IPv6 packets, including specially crafted packets, to a Windows machine, potentially enabling remote code execution.”

Affected Systems and Immediate Actions

The vulnerability affects all supported versions of:

  • Windows
  • Windows Server (including Server Core installations)

In response, Microsoft has rolled out patches for all impacted versions of Windows and Windows Server. Organizations are strongly encouraged to implement these updates without delay. As a precautionary measure, Microsoft advises disabling IPv6 if it is not essential, as the vulnerability can only be exploited through IPv6 packets. Additionally, Microsoft has addressed six Zero-Days that threat actors are actively exploiting in the wild.

Mitigations and Recommendations

Security experts recommend the following actions to safeguard systems:

  1. Immediately apply the latest Microsoft security updates.
  2. Prioritize patching internet-facing systems.
  3. Consider disabling IPv6 if it is not required in your environment.
  4. Monitor for any suspicious network activity, particularly involving IPv6 traffic.
  5. Implement network segmentation to limit potential lateral movement in the event of a system compromise.

Given the critical nature of this vulnerability and its potential for widespread impact, organizations should prioritize addressing CVE-2024-38063 as an urgent matter.

Looking Ahead: Copilot+ Devices and Windows 11

Microsoft also noted that the new Copilot+ devices, now publicly available, come pre-installed with Windows 11, version 24H2. Customers utilizing these devices should remain vigilant regarding vulnerabilities affecting their systems and ensure that updates are installed, especially if automatic updates are not enabled. The general availability date for Windows 11, version 24H2 is anticipated later this year.

Update: 14 Aug 2024

Top charts for Desktop Windows

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7508553
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1735313
downloads
WinRAR

WinRAR

Streamline file management with fast compression, secure your documents, and save space.

5
735 reviews
746713
downloads
Minecraft

Minecraft

Shape environments, explore vast worlds, and survive against monsters with endless creativity.

5
750 reviews
495630
downloads

News and reviews for Desktop Windows

Visio 2021 Professional Now $9.97 Until February 8

Visio 2021 Professional Now $9.97 Until February 8

Microsoft offers Visio 2021 Professional for $9.97, down from $249, with added templates, until February 8.

Read more
Code Vein Offers Stylish Combat, Discounted Editions

Code Vein Offers Stylish Combat, Discounted Editions

Code Vein captivates with anime-style combat and offers discounted editions. Fast-paced action meets fun builds in this cult classic.

Read more
Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft to eliminate RC4 in Kerberos by July 2026, enhancing Windows security.

Read more
Highguard Faces Criticism but Shows Potential for Growth

Highguard Faces Criticism but Shows Potential for Growth

Highguard, launched with controversy, holds potential despite poor reviews. Offering genre innovation, it aims to evolve against negative feedback.

Read more
PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp, a new tool, promises enhanced native PS2 game ports, sparking interest among developers for PC platforms.

Read more
NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA's RTX Remix Logic, launched on 2026-01-27, enables dynamic modding of classic PC games with a no-code node-based interface.

Read more
Windows 11 Update KB5074109 Affects Legacy Modems

Windows 11 Update KB5074109 Affects Legacy Modems

The Windows 11 update KB5074109 disrupts modems by removing several legacy drivers, causing connectivity issues for select users.

Read more
Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype consolidates Notion, Obsidian, and Todoist functions, reducing context-switching and improving workflow efficiency.

Read more
ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade from ChillyRoom and Spiral Up Games announced for PC: cyberpunk roguelike offers high-speed action in a dystopian setting.

Read more
Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias from Dark Souls faces Elden Ring bosses, demonstrating impressive skills in Fights' YouTube video.

Read more
All article