    September 23, 2024

    CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability

    What Happened

    On August 13th, 2024, Microsoft issued a critical advisory for CVE-2024-38063, a vulnerability in the IPv6 handling of the Windows TCP/IP stack (tcpip.sys). An unauthenticated attacker who can repeatedly send specially crafted IPv6 packets to a target can trigger an integer underflow in the stack's packet processing, which could lead to remote code execution (RCE). Every Windows endpoint with IPv6 enabled is potentially affected. Because the flaw is reachable over the network and requires no authentication or user interaction, CVE-2024-38063 carries a CVSS score of 9.8 (Critical).

    Proof of concept (PoC) code has been released, but it does not achieve remote code execution. It is not harmless, though: it reliably crashes vulnerable targets with a blue screen of death (BSOD), which is a denial of service (DoS). The PoC author also believes that a threat actor with enough patience and expertise could build a true remote code execution exploit on top of it.

    What That Means

    At first glance this CVE seems about as bad as it gets, but there are some considerations to take into account before jumping into action. Only Windows endpoints with IPv6 enabled are affected. IPv6 is enabled by default, and any adapter with IPv6 enabled automatically assigns itself a link-local (fe80::/64) address, so "IPv6 enabled" and "has an IPv6 address" are in practice the same condition. The real requirement is that the attacker can reach the victim over IPv6: from the same network segment using link-local addressing, or from further away only if the victim has routable IPv6 connectivity. The proof of concept code likewise requires that the attacker system can talk to the victim over IPv6. Systems with IPv6 disabled are not vulnerable to this exploit.

    If a vulnerable system is targeted with the single currently known PoC, it will see a large influx of IPv6 traffic before it locks up in a blue screen of death crash. To see this in action or read up on the technical details, take a look at the author's code on GitHub.

    Microsoft has provided official security patches for this vulnerability in the August monthly rollup and cumulative security updates for affected Windows 10, Windows 11, and Windows Server systems.

    At this time, Microsoft has not observed any exploitation of CVE-2024-38063 in the wild, although its advisory rates the vulnerability as "Exploitation More Likely".

    Who’s Impacted

    The following products are impacted:

    • Windows 10
    • Windows 11
    • Windows Server 2008
    • Windows Server 2008 R2
    • Windows Server 2012
    • Windows Server 2012 R2
    • Windows Server 2016
    • Windows Server 2019
    • Windows Server 2022

    How Would I Know and What Should I Do

    Update Windows systems - the updates provided by Microsoft have been rolled out and should be applied automatically through the typical Windows Update process. See the bottom section of this article for update information specific to each affected operating system.

    If updating is not possible, consider disabling IPv6 where it is not needed. Treat this only as a temporary measure; the recommended long-term fix is to apply the update. Take care when disabling IPv6 on critical infrastructure, as it can cause unanticipated network disruptions, and remember that an adapter with IPv6 still bound remains reachable over its link-local address even on networks that have never deployed IPv6.
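    The following PowerShell is an added example for this article (it is not Blumira's or Microsoft's tooling) that turns the two steps above into a check you can run on a host: it compares the installed build against the patched build numbers from the update table at the bottom of this article, lists which adapters still have IPv6 bound, and wraps the unbind command for the temporary workaround. The function names, the hashtable of builds and the KB list are this example's own; the build and KB values are copied from the table below.

```powershell
# Added example: is this host patched for CVE-2024-38063, and where is IPv6 still bound?
# Patched build numbers and KB IDs come from the August 13, 2024 update table in this post.

# CurrentBuild -> minimum UBR (last component of the build number) that carries the fix.
$PatchedUbr = @{
    '26100' = 1457    # Windows 11 24H2
    '22631' = 4037    # Windows 11 23H2
    '22621' = 4037    # Windows 11 22H2
    '22000' = 3197    # Windows 11 21H2
    '25398' = 1085    # Windows Server 2022, 23H2 Edition
    '20348' = 2700    # Windows Server 2022
    '19045' = 4780    # Windows 10 22H2
    '19044' = 4780    # Windows 10 21H2
    '17763' = 6293    # Windows 10 1809 / Windows Server 2019
    '14393' = 7259    # Windows 10 1607 / Windows Server 2016
    '10240' = 20751   # Windows 10 (initial release)
}
# Down-level servers (2008 / 2008 R2 / 2012 / 2012 R2) are checked by installed KB instead.
$LegacyKbs = 'KB5041828','KB5041851','KB5041838','KB5041823','KB5041850','KB5041847'

function Test-Cve202438063Patched {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuildNumber
    $ubr   = $cv.UBR   # $null on older builds that do not publish a UBR value

    if ($PatchedUbr.ContainsKey($build) -and $null -ne $ubr) {
        # A build at or above the August level is patched, including later cumulative updates.
        return [pscustomobject]@{
            Build   = "10.0.$build.$ubr"
            Method  = 'BuildNumber'
            Patched = ([int]$ubr -ge $PatchedUbr[$build])
        }
    }

    # Fallback: look for the August KB. A later monthly rollup supersedes it, so a
    # missing KB here is a prompt to verify manually, not proof of exposure.
    $found = Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $LegacyKbs -contains $_.HotFixID }
    return [pscustomobject]@{
        Build   = "$($cv.CurrentVersion).$build"
        Method  = 'HotFix'
        Patched = [bool]$found
    }
}

function Get-IPv6BindingState {
    # ms_tcpip6 is the binding component for the IPv6 stack on each adapter.
    # Get-NetAdapterBinding exists on Windows 8 / Windows Server 2012 and later.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled
}

function Get-IPv6Addresses {
    # Shows that a bound adapter carries a link-local (fe80::) address even without a global one.
    Get-NetIPAddress -AddressFamily IPv6 | Select-Object InterfaceAlias, IPAddress, PrefixOrigin
}

function Disable-IPv6Binding {
    # Workaround only: unbind IPv6 from one adapter. Undo with Enable-NetAdapterBinding
    # once the update has been installed.
    param([Parameter(Mandatory)][string]$AdapterName)
    Disable-NetAdapterBinding -Name $AdapterName -ComponentID ms_tcpip6
}

$status = Test-Cve202438063Patched
$status | Format-List
Get-IPv6BindingState | Format-Table -AutoSize
Get-IPv6Addresses    | Format-Table -AutoSize
if (-not $status.Patched) {
    Write-Warning 'Host is below the patched build. Install the August 2024 update, or as a stopgap: Disable-IPv6Binding -AdapterName "Ethernet"'
}
```

    Run it in an elevated PowerShell session. The build comparison is the reliable test: cumulative updates are superseded month to month, so checking for the specific August KB will report "missing" on a host that has since taken a newer update, which is why the script only falls back to Get-HotFix for the older server releases.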

    Monitor your network for abnormally large volumes of IPv6 traffic directed at single targets. Systems being targeted with this CVE may become unstable or crash.
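    As an added example of the monitoring step (not part of the original post, and not a Blumira detection), the following PowerShell buckets IPv6 flow records into fixed time windows and reports any destination whose inbound packet count in a window crosses a threshold. The flow records are constructed for this example in a simple time,src,dst,packets CSV layout; in practice they would come from a flow exporter, firewall log or packet capture, and the threshold should be tuned to the normal IPv6 baseline of your own network.

```powershell
# Added example: flag hosts receiving a burst of IPv6 packets consistent with a
# CVE-2024-38063 attempt. Input below is constructed sample data, not a real capture.
$FlowRecords = @'
time,src,dst,packets
2024-09-23T09:50:00Z,fe80::1a2b:3c4d:5e6f:7a8b,fe80::9c0d:1e2f:3a4b:5c6d,12
2024-09-23T09:50:05Z,fe80::1a2b:3c4d:5e6f:7a8b,fe80::9c0d:1e2f:3a4b:5c6d,9
2024-09-23T09:50:10Z,2001:db8::10,2001:db8::20,7
2024-09-23T09:55:00Z,fe80::dead:beef:0:1,fe80::9c0d:1e2f:3a4b:5c6d,4800
2024-09-23T09:55:02Z,fe80::dead:beef:0:1,fe80::9c0d:1e2f:3a4b:5c6d,5100
2024-09-23T09:55:04Z,fe80::dead:beef:0:1,fe80::9c0d:1e2f:3a4b:5c6d,4950
'@

function Find-IPv6Floods {
    param(
        [Parameter(Mandatory)][string]$Csv,
        [int]$WindowSeconds   = 60,      # size of the time bucket
        [int]$PacketThreshold = 10000    # packets per destination per window that trips the alert
    )
    $rows = $Csv | ConvertFrom-Csv

    # Align each record to the start of its window so a burst is judged against a
    # bounded interval rather than against the whole log.
    $bucketed = $rows | ForEach-Object {
        $t     = [datetimeoffset]::Parse($_.time)
        $epoch = $t.ToUnixTimeSeconds()
        $start = $epoch - ($epoch % $WindowSeconds)
        [pscustomobject]@{
            Window  = [datetimeoffset]::FromUnixTimeSeconds($start).UtcDateTime
            Dst     = $_.dst
            Src     = $_.src
            Packets = [int]$_.packets
        }
    }

    # One result per (window, destination) whose summed packet count crosses the threshold.
    $bucketed | Group-Object Window, Dst | ForEach-Object {
        $total = ($_.Group | Measure-Object Packets -Sum).Sum
        if ($total -ge $PacketThreshold) {
            [pscustomobject]@{
                Window  = $_.Group[0].Window
                Target  = $_.Group[0].Dst
                Packets = $total
                Sources = (($_.Group | Select-Object -ExpandProperty Src | Sort-Object -Unique) -join ';')
            }
        }
    }
}

# With the constructed data, only the 09:55 window against fe80::9c0d:... is reported.
Find-IPv6Floods -Csv $FlowRecords | Format-Table -AutoSize
```

    Pair a hit from this check with the endpoint's own evidence: an unexpected reboot or a Bugcheck entry in the System event log on the target around the same window is what turns "a lot of IPv6 traffic" into a likely exploitation attempt.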

    When Will Microsoft Fix It

    As of 2024-08-13, Microsoft has released updates for all supported and affected systems.

    All of the following updates were released on Aug 13, 2024.

    Product                                                      | Article   | Update type     | Build number
    -------------------------------------------------------------|-----------|-----------------|------------------
    Windows 11 Version 24H2 (x64, ARM64)                         | KB5041571 | Security Update | 10.0.26100.1457
    Windows 11 Version 23H2 (x64, ARM64)                         | KB5041585 | Security Update | 10.0.22631.4037
    Windows 11 Version 22H2 (x64, ARM64)                         | KB5041585 | Security Update | 10.0.22621.4037
    Windows 11 Version 21H2 (x64, ARM64)                         | KB5043067 | Security Update | 10.0.22000.3197
    Windows 10 Version 22H2 (32-bit, x64, ARM64)                 | KB5041580 | Security Update | 10.0.19045.4780
    Windows 10 Version 21H2 (32-bit, x64, ARM64)                 | KB5041580 | Security Update | 10.0.19044.4780
    Windows 10 Version 1809 (32-bit, x64, ARM64)                 | KB5043050 | Security Update | 10.0.17763.6293
    Windows 10 Version 1607 (32-bit, x64)                        | KB5041773 | Security Update | 10.0.14393.7259
    Windows 10 (32-bit, x64)                                     | KB5041782 | Security Update | 10.0.10240.20751
    Windows Server 2022, 23H2 Edition (Server Core installation) | KB5041573 | Security Update | 10.0.25398.1085
    Windows Server 2022 (incl. Server Core installation)         | KB5042881 | Security Update | 10.0.20348.2700
    Windows Server 2019 (incl. Server Core installation)         | KB5043050 | Security Update | 10.0.17763.6293
    Windows Server 2016 (incl. Server Core installation)         | KB5041773 | Security Update | 10.0.14393.7259
    Windows Server 2012 R2 (incl. Server Core installation)      | KB5041828 | Monthly Rollup  | 6.3.9600.22134
    Windows Server 2012 (incl. Server Core installation)         | KB5041851 | Monthly Rollup  | 6.2.9200.25031
    Windows Server 2008 R2 SP1 x64 (incl. Server Core)           | KB5041838 | Monthly Rollup  | 6.1.7601.27277
    Windows Server 2008 R2 SP1 x64 (incl. Server Core)           | KB5041823 | Security Only   | 6.1.7601.27277
    Windows Server 2008 SP2 (32-bit, x64; incl. Server Core)     | KB5041850 | Monthly Rollup  | 6.0.6003.22825
    Windows Server 2008 SP2 (32-bit, x64; incl. Server Core)     | KB5041847 | Security Only   | 6.0.6003.22825

    How Blumira Can Help

    Blumira continues to actively monitor this issue and to look for ways to detect any stage of exploitation of this vulnerability.

    If you are an MSP and not already using Blumira, please submit a request for a “free for internal use” NFR account.

    Blumira’s Free SIEM is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.

    Tag(s): Security Alerts , Blog

    Jake Ouellette

    Jake is an Incident Detection Engineer at Blumira, where he contributes to research and design efforts to continuously improve the detection, analysis, and disruption capabilities of the Blumira platform.
