
Windows IPv6 TCP/IP RCE CVE-2024-38063: What is it & What do I do?

Noah Simon, Head of Product Marketing

What are we talking about?

Microsoft’s latest Patch Tuesday released an advisory about CVE-2024-38063, a TCP/IP vulnerability in the Windows operating system.

That means the vulnerable component is Windows' core networking stack, which implements the TCP/IP protocols.

Microsoft MSRC’s advisory specifies that the vulnerability requires IPv6 communication with a target for it to be exploitable, or even triggerable in the first place.

Is it risky?

The first instinct is “Yes”. A vulnerability that exists in such a core component poses great risks.

According to Microsoft’s exploitability assessment, triggering the vulnerability is likely and possible, which would be why it is tagged with a very high CVSS score.

Not many details about the actual vulnerability have been released, and there are no public proofs of concept as of this writing. This is a good time to review effective countermeasures that can be implemented to mitigate the risk!

Is this vulnerability critical for me?

The vulnerability is within the IPv6 subsystem, so it requires IPv6 communication with a target to be exploitable. If your organization is running any Windows Servers and end-user devices (who isn’t?), then you should quickly assess your environment for the affected OS versions detailed in the advisory.

If your internet-facing Windows assets support IPv6, we would suggest disabling IPv6 first to lower the risk and impact of this vulnerability. Once that’s been done, the next step should be applying the Microsoft-supplied patch to internally accessible Windows assets.

You can find more information about the patch on Microsoft’s page here.

How to stay safe using Dazz

There are a few effective countermeasures that can be performed to stay safe!

Dazz can help you stay safe by aggregating and correlating all machines vulnerable to CVE-2024-38063, and delivering effective remediation guidelines to help owners fix as fast as possible. If you have any questions, please feel free to reach out to our experts here!

The general approach to reduce the risk of CVE-2024-38063 can be taken in two steps:

  1. Applying Microsoft’s patch: Microsoft already pushed out a patch that fixes the vulnerability. Applying the patch wherever possible will ensure you’re safe! Dazz can help verify that patches have been applied upon rescans across your entire environment.
  2. Disabling IPv6: As the vulnerability is in the IPv6 subsystem, disabling IPv6 on Windows Machines prevents this vulnerability from being accessible.
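
Both steps can be checked per host. The PowerShell below is an added example, not Dazz's or Microsoft's code: it reports whether a given update is recorded as installed and which adapters still have IPv6 bound, and only unbinds IPv6 when asked. `$PatchKb` is a placeholder (this page does not give a KB number; take the one for your OS build from the advisory), and the parameter names are assumptions.

```powershell
# Added example: audit one Windows host for CVE-2024-38063 exposure.
# Report-only by default; run elevated with -DisableIPv6 to unbind IPv6.
param(
    [string]$PatchKb = 'KB0000000',  # placeholder, not a real KB number
    [switch]$DisableIPv6             # hypothetical switch name for this example
)

# Adapters where the IPv6 protocol component (ms_tcpip6) is still bound.
$bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled)

# Get-HotFix throws when the id is absent, so silence that and cast to bool.
# A later cumulative update also carries the fix under a different KB id,
# so $false here means "verify further", not "definitely unpatched".
$patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# One object per host so results can be collected and exported centrally.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OS             = $os.Caption
    Build          = $os.Version
    PatchKb        = $PatchKb
    PatchInstalled = $patched
    IPv6BoundOn    = ($bound.Name -join ', ')
    Exposed        = (-not $patched) -and ($bound.Count -gt 0)
}

# Interim mitigation from the list above: unbind IPv6 on unpatched hosts only.
if ($DisableIPv6 -and -not $patched) {
    foreach ($b in $bound) {
        # Add -WhatIf to preview the change before applying it.
        Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6
    }
}
```

The binding can be restored with `Enable-NetAdapterBinding` once the patch is installed.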
