CVSS score: 9.8 (extremely dangerous)
A critical remote code execution vulnerability in Windows, CVE-2024-38063, was recently published.
This is a critical vulnerability in the Windows TCP/IP stack, related to IPv6, that allows remote code execution due to an integer underflow in the processing of IPv6 packets. The vulnerability is categorized as a “zero-click” vulnerability, meaning it can be exploited without user interaction.
This vulnerability has a score of 9.8 on a scale of 0-10, which is extremely severe.
Exploitation of this vulnerability allows an attacker to remotely control the affected system, which can lead to data theft, arbitrary code execution, and possible privilege escalation. The vulnerability is also “wormable”, meaning it can be exploited by a malicious artifact capable of replicating and spreading automatically across connected devices, which increases the risk of large-scale attacks.
With the Rainforest Infra module, your company can monitor for vulnerabilities of this type and receive alerts about them.
We enable you to identify, across your whole environment, whether a vulnerability affects your operating systems and/or applications. In other words, you can search for a vulnerability by its CVE (Common Vulnerabilities and Exposures) identifier and see which IPs or applications are affected by it.
One way to mitigate this vulnerability is to disable the IPv6 stack if it is not in use.
However, it is important to highlight that this is a palliative measure and does not replace the application of the official security patch made available by Microsoft. Disabling IPv6 can be a temporary solution until the patch is applied or in environments where IPv6 is not necessary, but the best practice is to always keep systems updated with the latest security patches.
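As an added example (not from the original page or from Microsoft), the PowerShell script below audits which network adapters have IPv6 bound and, with -Disable, unbinds it after recording the prior state so that -Restore can undo the change once the patch is installed. It assumes that unbinding the ms_tcpip6 component from the adapters is how IPv6 is disabled; the state-file path and the parameter names are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary IPv6 unbind as a stopgap for CVE-2024-38063.
# It does not replace installing the official Microsoft patch.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: location chosen for this example to record the pre-change state.
    [string]$StatePath = "$env:ProgramData\ipv6-binding-state.csv",
    [switch]$Disable,   # unbind IPv6 from adapters where it is currently enabled
    [switch]$Restore    # re-enable IPv6 on the adapters recorded in $StatePath
)

# Binding ID of the "Internet Protocol Version 6 (TCP/IPv6)" adapter component.
$componentId = 'ms_tcpip6'

if ($Restore) {
    # Re-enable only the adapters that had IPv6 bound before the change.
    Import-Csv -Path $StatePath | Where-Object { $_.Enabled -eq 'True' } | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Name, 'Enable IPv6 binding')) {
            Enable-NetAdapterBinding -Name $_.Name -ComponentID $componentId
        }
    }
    return
}

# Audit: list every adapter and whether IPv6 is bound to it.
$bindings = Get-NetAdapterBinding -ComponentID $componentId
$bindings | Sort-Object Name | Format-Table Name, DisplayName, Enabled -AutoSize | Out-Host

if ($Disable) {
    # Record the current state first so the change can be reverted after patching.
    $bindings | Select-Object Name, Enabled | Export-Csv -Path $StatePath -NoTypeInformation

    foreach ($b in $bindings | Where-Object Enabled) {
        if ($PSCmdlet.ShouldProcess($b.Name, 'Disable IPv6 binding')) {
            Disable-NetAdapterBinding -Name $b.Name -ComponentID $componentId
        }
    }

    # Verify the result (skipped under -WhatIf, where nothing was changed).
    if (-not $WhatIfPreference) {
        $left = Get-NetAdapterBinding -ComponentID $componentId | Where-Object Enabled
        if ($left) { Write-Warning "IPv6 is still bound on: $($left.Name -join ', ')" }
        else { Write-Output "IPv6 unbound from all listed adapters. State saved to $StatePath." }
    }
}
```

Run it with no switches to audit only, and add -WhatIf to -Disable or -Restore to preview the changes on hosts where IPv6 may be in use.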
For those who already use the Rainforest platform, access the following link:
https://app.rainforest.tech/en/pages/reference/cves
and search for the CVE you want to obtain information about, for example, CVE-2024-38063.
Information about the official security patch made available by Microsoft:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063