If you haven’t installed the security patches for Windows in the latest Patch Tuesday cumulative update, you should probably hurry, as experts have released a proof-of-concept (PoC) for a critical severity flaw allowing crooks to mount remote code execution (RCE) attacks.
The vulnerability in question, which was addressed in the latest update, released on August 13, is tracked as CVE-2024-38063, and has a severity score of 9.8 (critical).
It is described as a Windows TCP/IP RCE flaw, in which an unauthenticated user could spam specially crafted IPv6 packets until they discover a vulnerable endpoint.
Patching the flaw
The only workaround is to disable IPv6 and just use IPv4 which, as you might imagine, isn’t ideal for many users. At the time the bug was discovered, Microsoft said that Windows 10, 11, and Server versions were vulnerable, but that no one abused it yet. Still, given the severity of the flaw and the ease at which it might be exploited, Microsoft said it was “more likely” that it would start happening sooner or later. Now we know it was sooner, rather than later.
A white-hat hacker alias Ynwarcs released a PoC, saying “the easiest way to reproduce the vuln is by using bcdedit /set debug on on the target system and restarting the machine/VM”.
“This makes the default network adapter driver kdnic.sys, which is very happy to coalesce packets. If you’re trying to reproduce the vuln on a different setup, you’ll need to get the system in a position where it will coalesce the packets you sent.”
Stalling with patches (or outright ignoring them) is one of the bigger causes of many cyberattacks and data breaches. Sometimes it’s justified, as patches were known to break entire systems and cause havoc (just remember the snafu from the faulty CrowdStrike update recently). In this case, since the patch was not reported to be causing any major issues, installing it is very much advised.
Via The Register
