Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely.
Technical details on the vulnerability, tracked as CVE-2024-38063, remain scarce but Microsoft’s sparse documentation suggests a worm-like attack is practical on the newest versions of its flagship operating system.
“An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution,” the software giant warned in a critical-severity bulletin.
Microsoft slapped a CVSS severity score of 9.8/10 and stressed that exploits may be trivial to craft, requiring no privileges or user interaction.
Chinese researcher Xiao Wei of Cyber KunLun said he discovered the vulnerability “several months ago” and strongly pushed Windows users to deploy the available patches or disable IPv6 as a temporary mitigation.
https://www.securityweek.com/zero-click-exploit-concerns-drive-urgent-patching-of-windows-tcp-ip-flaw/
