If you haven't installed the security patches for Windows in the latest Patch Tuesday cumulative update, you should probably hurry up, as experts have published a proof of concept (PoC) for a critical severity flaw that allows criminals to perform remote code execution (RCE) attacks.
The vulnerability in question, which was addressed in the latest update released on August 13, is identified as CVE-2024-38063 and has a severity score of 9.8 (critical).
It is described as a Windows TCP/IP RCE flaw: an unauthenticated attacker could repeatedly send specially crafted IPv6 packets to a target until a vulnerable endpoint is found.
Repair the defect
The only workaround is to disable IPv6 and just use IPv4, which, as you can imagine, isn't ideal for many users. At the time the bug was discovered, Microsoft said that Windows 10, 11, and Server versions were vulnerable, but that no one had abused them yet. Still, given the severity of the flaw and the ease with which it could be exploited, Microsoft said it was “more likely” to start happening sooner or later. Now we know it was sooner rather than later.
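For administrators who cannot apply the cumulative update immediately and are weighing the IPv6 workaround the article mentions, the following PowerShell script is an added example (not part of the original article and not published by Microsoft or the researcher). It reports which adapters still have IPv6 bound, optionally unbinds it, and checks whether a given update is installed. The cmdlets used (Get-NetAdapterBinding, Disable-NetAdapterBinding, Get-HotFix) are standard Windows cmdlets; the KB identifier is a placeholder you must replace with the number Microsoft lists for your OS build, since the article does not give it.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session
# on Windows 8.1 / Server 2012 R2 or later. Patching is the real fix; unbinding
# IPv6 is only an interim measure for hosts that cannot be updated right away.

function Get-IPv6BindingReport {
    # 'ms_tcpip6' is the component ID of the IPv6 protocol stack in the adapter bindings.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Select-Object Name, DisplayName, Enabled
}

function Disable-IPv6OnAllAdapters {
    # Supports -WhatIf so you can preview the change before applying it.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Name, 'Unbind IPv6 (ms_tcpip6)')) {
                Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6
            }
        }
}

function Test-UpdateInstalled {
    # $KbId is a placeholder: substitute the KB number from Microsoft's advisory
    # for this CVE and your Windows build. Returns $true if that hotfix is present.
    param([Parameter(Mandatory)][string]$KbId)
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

# Usage: audit first, then decide.
Get-IPv6BindingReport | Format-Table -AutoSize
if (-not (Test-UpdateInstalled -KbId 'KB0000000')) {   # KB0000000 is a placeholder
    Write-Warning 'Cumulative update not found; consider the interim IPv6 workaround:'
    Disable-IPv6OnAllAdapters -WhatIf   # drop -WhatIf to actually unbind IPv6
}
```

Unbinding IPv6 affects any service that depends on it (DirectAccess, some IPv6-only networks, and link-local traffic), so review the report before applying the change, and re-enable the binding with Enable-NetAdapterBinding once the update is installed.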
A white hat hacker who goes by the alias Ynwarcs published a PoC, saying that “the easiest way to reproduce the vulnerability is by using bcdedit /set debug on on the target system and rebooting the machine/VM.”
“This causes the default network adapter driver to be kdnic.sys, which will be responsible for packet merging. If you attempt to reproduce the vulnerability in a different configuration, you will need to put the system in a position where it merges the packets it sent.”
Delaying the installation of patches (or simply ignoring them) is one of the main causes of many cyberattacks and data breaches. Sometimes the delay is justified, as patches have been known to break entire systems and cause havoc (just remember the problems that CrowdStrike's faulty update created recently). In this case, since the patch has not been reported to cause any major issues, installing it is highly recommended.
Via The Register