On August 13th, 2024, Microsoft issued a critical advisory for a vulnerability in the IPv6 components of the Windows operating system. This vulnerability in the Windows TCP/IP stack could allow attackers to perform remote code execution (RCE) by flooding victim endpoints with IPv6 packets, triggering an integer underflow. All Windows-based endpoints with IPv6 enabled are potentially vulnerable to this exploit. Due to the exposure of endpoints with IPv6 enabled and the impact this vulnerability could have, CVE-2024-38063 has been scored 9.8 (Critical) on the CVSS scale.
Proof-of-concept (PoC) code has been released; however, it is unable to trigger actual remote code execution. It’s not completely harmless, though, as it has been proven to allow for denial of service (DoS) on victim endpoints by causing a blue screen of death (BSOD) crash. Additionally, the PoC author believes that threat actors with enough patience and expertise would be able to use this PoC to implement a true remote code execution attack.
At first glance, this CVE seems almost as bad as it can get; however, there are some additional considerations to take into account before jumping into action. This vulnerability only affects Windows endpoints that have IPv6 enabled. IPv6 is enabled by default, but it is understood that a victim would also need to have an IPv6 address assigned: for an endpoint to truly be vulnerable, it must have IPv6 enabled and have an IPv6 address. The proof-of-concept code also requires that the attacker system can talk to the victim system over IPv6. Systems with IPv6 disabled are not vulnerable to this exploit.
If the victim system is vulnerable to this attack and is targeted by the single currently known PoC, the victim will see a large influx of IPv6 traffic before it locks up in a blue screen of death crash. To see this in action or read up on any of the technical details, take a look at the author’s code on GitHub.
Microsoft has provided official security patches for this vulnerability in the August monthly rollup and cumulative security updates for affected Windows 10, Windows 11, and Windows Server systems.
At this time, Microsoft has not observed any exploitation of CVE-2024-38063 in the wild.
The following devices are impacted
Update Windows systems - the updates provided by Microsoft have been rolled out and should be applied automatically through the typical Windows Update process. See the bottom section of this article for update information specific to each affected operating system.
If updating is not possible, consider disabling IPv6 if it is not needed. This should be considered only a temporary fix, as the recommended long-term solution is to apply the patches. Take care when disabling IPv6 on critical infrastructure, as it may cause unanticipated network disruptions.
Monitor your network for abnormally large amounts of IPv6 traffic directed at single targets. If systems are being targeted for this CVE, they may experience instability or crashing.
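One way to implement the monitoring described above, as an added example that is not code from this article or from Microsoft: it buckets flow records per IPv6 destination and flags a window that far exceeds that host's own usual volume. The record layout, the 60-second window, and both thresholds are assumptions to tune for your network.

```python
import ipaddress
from collections import defaultdict
from statistics import median

def find_ipv6_floods(flows, window=60, min_packets=1000, factor=10):
    """Flag time windows where one IPv6 destination receives far more packets
    than its own usual volume. flows: (epoch_seconds, src, dst, packets)."""
    per_dst = defaultdict(lambda: defaultdict(int))   # dst -> window start -> packets
    senders = defaultdict(set)                        # (dst, window start) -> sources
    for ts, src, dst, packets in flows:
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue                                  # malformed record
        if addr.version != 6:
            continue                                  # IPv4 is out of scope here
        start = int(ts) - int(ts) % window
        per_dst[str(addr)][start] += packets          # str() gives the compressed form
        senders[(str(addr), start)].add(src)
    alerts = []
    for dst, windows in per_dst.items():
        for start, packets in sorted(windows.items()):
            others = [p for s, p in windows.items() if s != start]
            baseline = median(others) if others else 0
            # A host with no history is judged on the absolute floor alone.
            if packets >= min_packets and packets >= factor * max(baseline, 1):
                alerts.append({"dst": dst, "window_start": start, "packets": packets,
                               "baseline": baseline,
                               "sources": sorted(senders[(dst, start)])})
    return alerts

# Constructed sample flow records (documentation prefix 2001:db8::/32).
SAMPLE_FLOWS = [
    (0,   "2001:db8::10", "2001:db8::a", 50),
    (60,  "2001:db8::11", "2001:db8::a", 60),
    (120, "2001:db8::10", "2001:db8::a", 40),
    (180, "2001:db8::66", "2001:db8:0:0:0:0:0:a", 3000),   # same host, uncompressed
    (200, "2001:db8::66", "2001:db8::a", 2500),
    (0,   "2001:db8::20", "2001:db8::b", 3000),            # busy but steady server
    (60,  "2001:db8::20", "2001:db8::b", 3100),
    (120, "2001:db8::20", "2001:db8::b", 2900),
    (180, "192.0.2.7",    "192.0.2.9",   9000),            # IPv4, ignored
]

if __name__ == "__main__":
    for alert in find_ipv6_floods(SAMPLE_FLOWS):
        print(alert)
```

Comparing each host against its own baseline keeps a steadily busy server from alerting while a quiet workstation that suddenly receives thousands of IPv6 packets does.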
As of 2024-08-13, Microsoft has released updates for all supported and affected systems.
| Release date | Product | Article | Download | Build Number |
|---|---|---|---|---|
| Aug 13, 2024 | Windows 11 Version 24H2 for x64-based Systems | | | 10.0.26100.1457 |
| Aug 13, 2024 | Windows 11 Version 24H2 for ARM64-based Systems | | | 10.0.26100.1457 |
| Aug 13, 2024 | Windows Server 2012 R2 (Server Core installation) | | | 6.3.9600.22134 |
| Aug 13, 2024 | Windows Server 2012 R2 | | | 6.3.9600.22134 |
| Aug 13, 2024 | Windows Server 2012 (Server Core installation) | | | 6.2.9200.25031 |
| Aug 13, 2024 | Windows Server 2012 | | | 6.2.9200.25031 |
| Aug 13, 2024 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | | 6.1.7601.27277 |
| Aug 13, 2024 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | | 6.1.7601.27277 |
| Aug 13, 2024 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | | 6.1.7601.27277 |
| Aug 13, 2024 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | | 6.1.7601.27277 |
| Aug 13, 2024 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for x64-based Systems Service Pack 2 | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for x64-based Systems Service Pack 2 | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for 32-bit Systems Service Pack 2 | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2008 for 32-bit Systems Service Pack 2 | | | 6.0.6003.22825 |
| Aug 13, 2024 | Windows Server 2016 (Server Core installation) | | | 10.0.14393.7259 |
| Aug 13, 2024 | Windows Server 2016 | | | 10.0.14393.7259 |
| Aug 13, 2024 | Windows 10 Version 1607 for x64-based Systems | | | 10.0.14393.7259 |
| Aug 13, 2024 | Windows 10 Version 1607 for 32-bit Systems | | | 10.0.14393.7259 |
| Aug 13, 2024 | Windows 10 for x64-based Systems | | | 10.0.10240.20751 |
| Aug 13, 2024 | Windows 10 for 32-bit Systems | | | 10.0.10240.20751 |
| Aug 13, 2024 | Windows Server 2022, 23H2 Edition (Server Core installation) | | | 10.0.25398.1085 |
| Aug 13, 2024 | Windows 11 Version 23H2 for x64-based Systems | | | 10.0.22631.4037 |
| Aug 13, 2024 | Windows 11 Version 23H2 for ARM64-based Systems | | | 10.0.22631.4037 |
| Aug 13, 2024 | Windows 10 Version 22H2 for 32-bit Systems | | | 10.0.19045.4780 |
| Aug 13, 2024 | Windows 10 Version 22H2 for ARM64-based Systems | | | 10.0.19045.4780 |
| Aug 13, 2024 | Windows 10 Version 22H2 for x64-based Systems | | | 10.0.19045.4780 |
| Aug 13, 2024 | Windows 11 Version 22H2 for x64-based Systems | | | 10.0.22621.4037 |
| Aug 13, 2024 | Windows 11 Version 22H2 for ARM64-based Systems | | | 10.0.22621.4037 |
| Aug 13, 2024 | Windows 10 Version 21H2 for x64-based Systems | | | 10.0.19044.4780 |
| Aug 13, 2024 | Windows 10 Version 21H2 for ARM64-based Systems | | | 10.0.19044.4780 |
| Aug 13, 2024 | Windows 10 Version 21H2 for 32-bit Systems | | | 10.0.19044.4780 |
| Aug 13, 2024 | Windows 11 version 21H2 for ARM64-based Systems | | | 10.0.22000.3197 |
| Aug 13, 2024 | Windows 11 version 21H2 for x64-based Systems | | | 10.0.22000.3197 |
| Aug 13, 2024 | Windows Server 2022 (Server Core installation) | | | 10.0.20348.2700 |
| Aug 13, 2024 | Windows Server 2022 | | | 10.0.20348.2700 |
| Aug 13, 2024 | Windows Server 2019 (Server Core installation) | | | 10.0.17763.6293 |
| Aug 13, 2024 | Windows Server 2019 | | | 10.0.17763.6293 |
| Aug 13, 2024 | Windows 10 Version 1809 for ARM64-based Systems | | | 10.0.17763.6293 |
| Aug 13, 2024 | Windows 10 Version 1809 for x64-based Systems | | | 10.0.17763.6293 |
| Aug 13, 2024 | Windows 10 Version 1809 for 32-bit Systems | | | 10.0.17763.6293 |
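A triage sketch that combines the build numbers listed above with the exposure conditions this article describes (IPv6 enabled and an IPv6 address assigned). It is an added example, not code from this article or from Microsoft. The inventory field names and sample hosts are constructed, and it assumes a host whose revision is at or above the listed build for its branch has the update installed.

```python
# Patched build per Windows branch, copied from the update table on this page.
PATCHED = {
    "10.0.26100": 1457, "10.0.25398": 1085, "10.0.22631": 4037,
    "10.0.22621": 4037, "10.0.22000": 3197, "10.0.20348": 2700,
    "10.0.19045": 4780, "10.0.19044": 4780, "10.0.17763": 6293,
    "10.0.14393": 7259, "10.0.10240": 20751, "6.3.9600": 22134,
    "6.2.9200": 25031, "6.1.7601": 27277, "6.0.6003": 22825,
}

def patch_state(build):
    """Classify a 'major.minor.build.revision' string against the table."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return "unknown"                  # malformed build string
    fixed = PATCHED.get(".".join(parts[:3]))
    if fixed is None:
        return "unknown"                  # branch not in the table: check by hand
    return "patched" if int(parts[3]) >= fixed else "unpatched"

def triage(host):
    """host: dict with the hypothetical inventory fields 'build',
    'ipv6_enabled' (bool) and 'ipv6_addresses' (list of strings)."""
    state = patch_state(host["build"])
    if state == "patched":
        return "patched"
    if state == "unknown":
        return "review"
    # Unpatched: exposed only if IPv6 is enabled AND an address is assigned.
    if host["ipv6_enabled"] and host["ipv6_addresses"]:
        return "exposed"
    return "patch-soon"

# Constructed inventory records; the build revisions are sample values.
INVENTORY = [
    {"name": "ws-01", "build": "10.0.19045.4780", "ipv6_enabled": True,
     "ipv6_addresses": ["2001:db8::15"]},
    {"name": "ws-02", "build": "10.0.19045.4651", "ipv6_enabled": True,
     "ipv6_addresses": ["fe80::1"]},
    {"name": "srv-01", "build": "10.0.17763.6189", "ipv6_enabled": False,
     "ipv6_addresses": []},
    {"name": "srv-02", "build": "10.0.20348.2655", "ipv6_enabled": True,
     "ipv6_addresses": []},
    {"name": "lab-01", "build": "10.0.18363.2274", "ipv6_enabled": True,
     "ipv6_addresses": ["2001:db8::99"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], triage(h))
```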
Blumira continues to actively monitor this issue, and look for ways that we can detect any stage of exploitation of these vulnerabilities.