CERT-In Issues Critical Alert on Windows IPv6 Security Vulnerabilities

25 Aug 2024

Visual and Emotional Appeal

This warning serves as a clarion call for Windows PC users to act swiftly. The potential for unauthorized code execution and privilege escalation is alarming, making it imperative for users to take proactive measures to protect their systems.

Key Moments

  • Vulnerability Classification: CERT-In has classified the security flaws as “Critical.”
  • Affected Systems: Windows PCs utilizing IPv6 connectivity, along with specific versions of Windows and Windows Server.

Security Flaws

  • Windows TCP/IP Remote Code Execution: This flaw allows for arbitrary code execution.
  • Windows Kernel Vulnerability: This permits privilege escalation.

Details About the Narrative

CERT-In's latest report highlights two critical vulnerabilities impacting Windows PCs. The first is a remote code execution flaw associated with the Windows TCP/IP stack, particularly affecting systems that utilize IPv6. Attackers can exploit this vulnerability by sending specially crafted IPv6 packets, which may lead to arbitrary code execution on the targeted system.

The second vulnerability resides within the Windows Kernel, allowing attackers to gain elevated privileges through a race condition. This flaw affects various versions of Windows and Windows Server, potentially enabling unauthorized access if successfully exploited. To mitigate these risks, the government body has recommended that users disable IPv6 if it is not essential and ensure they apply the latest updates from Microsoft. For the Windows Kernel vulnerability, users are advised to install the most recent security patch addressing the “CIVN-2024-0260” vulnerability.

Important Points

IPv6 Vulnerability

  • Affected Devices: Windows PCs connected to IPv6.
  • Cause: An integer underflow weakness leading to a buffer overflow.
  • Solution: Disable IPv6 if not needed; apply Microsoft updates by navigating to Settings → Software Update to install the latest update.

Windows Kernel Vulnerability

  • Affected Versions:
    • Windows 10: Versions 1607, 1809, 21H2, 22H2
    • Windows 11: Versions 21H2, 22H2, 23H2, 24H2
    • Windows Server: 2016, 2019, 2022 (including Server Core installations)
  • Cause: A race condition in the Windows Kernel.
  • Solution: Install the latest security patch for “CIVN-2024-0260.”

Update: 25 Aug 2024

Top charts for Desktop Windows

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
6534383
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1331577
downloads
WinRAR

WinRAR

Latest update WinRAR download for free for Windows PC or Android mobile

5
735 reviews
518343
downloads
Minecraft

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

5
750 reviews
456269
downloads

News and reviews for Desktop Windows

Hytale Development Resumes as Riot Sells Back to Co-Founder

Hytale Development Resumes as Riot Sells Back to Co-Founder

Riot Games sells Hytale back to Simon Collins-Laflamme, who resumes game development with original team.

Read more
Phasmophobia Avoids Live Service Model for Stability

Phasmophobia Avoids Live Service Model for Stability

Kinetic Games shuns live service for Phasmophobia, focusing on stable updates and player enjoyment over monetary pressure.

Read more
Autonomous AI Cyberattack by China-Backed Hackers Unveiled

Autonomous AI Cyberattack by China-Backed Hackers Unveiled

In September, China-backed hackers used AI to launch global attacks on tech and finance firms, impacting cybersecurity significantly.

Read more
Cozy Marbles Announced for PC: Playtest Available Now

Cozy Marbles Announced for PC: Playtest Available Now

Cozy Marbles, a PC marble run game, was announced for 2026. Playtest available now.

Read more
Atari Pulls Cold Fear from Steam Post-Acquisition

Atari Pulls Cold Fear from Steam Post-Acquisition

Cold Fear removed from Steam following Atari's acquisition of rights from Nightdive. Revival uncertain.

Read more
Humble Choice Adds Eight-Game Bundle for $15

Humble Choice Adds Eight-Game Bundle for $15

Humble Choice offers eight games for $14.99, including six Steam Deck Verified titles. Available this month only; games worth $229.92.

Read more
New Indie PC Games Released Feature Demonschool and Moonlighter 2

New Indie PC Games Released Feature Demonschool and Moonlighter 2

Demonschool and Moonlighter 2 debut this November 2025 in a vibrant week for PC games releases.

Read more
XDefiant's Origins Linked to Splinter Cell Project

XDefiant's Origins Linked to Splinter Cell Project

XDefiant began as a Splinter Cell project at Ubisoft in 2017, before pivoting in 2024. Developers moved on to AdHoc Studio.

Read more
RONINGLOADER Exploits in Campaign Targeting Chinese Users

RONINGLOADER Exploits in Campaign Targeting Chinese Users

RONINGLOADER used by Dragon Breath for Gh0st RAT attacks on Chinese users, bypassing defenses.

Read more
Windows 11 Fixes Shut Down Bug with Update KB5067036

Windows 11 Fixes Shut Down Bug with Update KB5067036

Microsoft's Windows 11 update KB5067036 fixes the 'Update and shutdown' bug. Rolling out in October 2025, it enhances shutdown reliability.

Read more
All article