Microsoft Security Alert: Zero-Click IPv6 Vulnerability on Windows Servers [CVE-2024-38063]

Microsoft has recently issued a critical security advisory concerning a newly discovered vulnerability affecting all Windows systems with IPv6 enabled. This vulnerability, tracked as CVE-2024-38063, allows remote code execution (RCE) without user interaction, posing a significant risk to servers and endpoints running on Windows 10, 11, and Windows Server.

Understanding the IPv6 Threat

The flaw, discovered by XiaoWei from Kunlun Lab, stems from an integer underflow weakness in the TCP/IP stack when processing IPv6 packets. This vulnerability is particularly dangerous because it can be exploited in a “zero-click” attack, meaning no user interaction is required for an attacker to gain control of a system. The potential impact is severe, as the flaw can be exploited remotely, allowing an unauthenticated attacker to execute arbitrary code by simply sending specially crafted IPv6 packets to the target system.

Exploitation and Mitigation

Microsoft has labeled this vulnerability as “exploitation more likely,” emphasizing the urgency for organizations to apply the necessary patches. Due to the ease of exploitation and the critical nature of the flaw, it has been identified as a high-priority issue by cybersecurity experts.

To mitigate the risk for systems that cannot be immediately patched, Microsoft suggests disabling IPv6. However, they caution that even disabling IPv6 may cause disruptions, as it is an integral part of the Windows network protocol stack since Windows Vista and Windows Server 2008.

This is not the first time Windows’ IPv6 implementation has been under scrutiny. Previous vulnerabilities, such as the “Ping of Death” (CVE-2020-16898) and an IPv6 fragmentation bug (CVE-2021-24086), have exposed similar weaknesses in the protocol, underlining the ongoing challenge of securing IPv6 implementations on Windows systems.

Immediate Action Required

Given the critical nature of CVE-2024-38063 and its potential for exploitation, immediate action is required from IT administrators and security teams. Patching systems should be prioritized to prevent potential breaches. In environments where patching is not immediately feasible, disabling IPv6 temporarily, while being mindful of the potential disruptions, could serve as a short-term mitigation strategy.

We strongly recommend that you install the latest Windows updats immediately. This is crucial, as the details of the vulnerability have become publicly available and can now be exploited by other attackers.

Emergency Support Services Available by NetShop ISP Support Team

In light of the critical IPv6 vulnerability affecting Windows systems, NetShop ISP’s 24×7 Support department is actively assisting customers with the necessary Windows updates to secure their systems.

Due to increased demand, customers under our Premium SLA are being prioritized. We encourage all other customers without a Premium SLA to submit a ticket via our portal to ensure their request is queued for support. Our team is committed to helping you protect your infrastructure during this urgent time.

For more details and updates, please refer to the original article on BleepingComputer.