As usual, I was scouring the internet during my lunch break this Wednesday, looking for interesting news in the tech arena and checking the newly released CVEs. The search was not entirely futile: one vulnerability in particular caught my attention.
Microsoft issued an important warning this Tuesday (its August 2024 Patch Tuesday), urging everyone to patch a critical TCP/IP remote code execution (RCE) vulnerability that affects Windows systems with IPv6 enabled. Because IPv6 is enabled by default on Windows, the pool of exploitable systems is very large.
Beijing-based CyberKunlun Technology, which describes itself as a new-generation cyberspace security company focused on software and system security, discovered the flaw and reported it to Microsoft, which tracks it as CVE-2024-38063. CyberKunlun, a.k.a. Kunlun Lab, previously hacked an iPhone 13 running iOS in just under 15 seconds; more on that can be read in this Forbes article.
Coming back to the topic: the flaw stems from an integer underflow (CWE-191) in the Windows TCP/IP stack's IPv6 handling. An attacker who triggers it can cause a buffer overflow and run arbitrary code on vulnerable systems, including Windows 10, Windows 11, and Windows Server.
XiaoWei from Kunlun Lab mentioned on Twitter that, given the potential damage, they won’t be sharing more details for now. They also noted that simply blocking IPv6 on your Windows firewall won’t stop the exploit since the vulnerability gets triggered before the firewall even processes it.
Microsoft explained in its advisory that an unauthenticated attacker could exploit the flaw remotely by repeatedly sending specially crafted IPv6 packets to a target, a low-complexity attack that requires no privileges or user interaction (the bug is rated critical, CVSS 3.1 base score 9.8). Microsoft has given it an "Exploitation More Likely" rating in its Exploitability Index, meaning it expects that exploit code could be written to take advantage of the bug consistently.
Microsoft also mentioned that similar vulnerabilities have been exploited in the past, making this a tempting target for attackers. So, if you haven’t already, it’s crucial to apply the security update as soon as possible.
If you can't install the update right away, Microsoft notes that systems are not affected if IPv6 is disabled on the target machine, so disabling IPv6 reduces the risk. Keep in mind, however, that IPv6 is a core part of modern Windows, and turning it off can cause some features to stop working properly.
Dustin Childs of Trend Micro's Zero Day Initiative also called this bug one of the most serious issues fixed in this Patch Tuesday, labeling it "wormable": an exploit could spread from one machine to another with no user interaction. Disabling IPv6 helps as a stopgap, but since it's enabled by default on almost everything, patching is the real fix.
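To make the guidance above concrete, here is a check-and-mitigate script for a Windows host. It is an added example, not code from the original post, from Microsoft or from Kunlun Lab. It assumes an elevated PowerShell session on Windows 10/11/Server, and the `$PatchKB` value is a placeholder you must replace with the KB number the MSRC advisory for CVE-2024-38063 lists for your OS build; no real KB number is given here. It unbinds IPv6 at the adapter level rather than adding a firewall rule, because, as the researcher noted, a firewall block does not stop this exploit.

```powershell
# Added example (not from the original post, Microsoft or Kunlun Lab).
# Assumes: elevated PowerShell on Windows 10/11/Server.
# $PatchKB is a PLACEHOLDER: fill it from the MSRC advisory for CVE-2024-38063
# for your OS build. It is not a real KB number from this page.
param(
    [string]$PatchKB = 'KBxxxxxxx'
)

# 1. Is the cumulative update that fixes CVE-2024-38063 installed?
$installed = Get-HotFix | Where-Object { $_.HotFixID -eq $PatchKB }
if ($installed) {
    Write-Host "Patched: $PatchKB installed on $($installed.InstalledOn)"
} else {
    Write-Warning "Patch $PatchKB not found; host may be vulnerable to CVE-2024-38063."
}

# 2. Which adapters still have the IPv6 protocol (ms_tcpip6) bound?
$ipv6Bound = Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled
$ipv6Bound | Format-Table Name, DisplayName, Enabled -AutoSize

# 3. Stopgap only when the patch is absent: unbind IPv6 from each adapter.
#    A Windows Firewall rule blocking IPv6 is NOT sufficient here, because the
#    bug is hit before the firewall processes the packet; unbinding the protocol
#    means the IPv6 stack never sees the traffic on that adapter.
if (-not $installed -and $ipv6Bound) {
    foreach ($binding in $ipv6Bound) {
        Disable-NetAdapterBinding -Name $binding.Name -ComponentID ms_tcpip6 -PassThru
    }
    # More thorough alternative (system-wide, needs a reboot, and may break
    # features that depend on IPv6, as Microsoft warns):
    # Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
    #     -Name DisabledComponents -Value 0xFF -Type DWord
}

# 4. Once the patch is confirmed installed, restore IPv6 on every adapter:
# Get-NetAdapterBinding -ComponentID ms_tcpip6 | Enable-NetAdapterBinding
```

Run the unbind step only on hosts where you have confirmed the update is missing, and re-enable IPv6 after patching; leaving it off long term is exactly the kind of drift that breaks features Microsoft warned about.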
This isn't the first IPv6-related vulnerability in Windows. In recent years Microsoft has patched several others, such as CVE-2020-16898/16899 in the ICMPv6 Router Advertisement handling (dubbed "Bad Neighbor", and also referred to as "Ping of Death") and the CVE-2021-24086 IPv6 fragmentation bug. Although those were never widely exploited, CVE-2024-38063 poses a greater risk, so updating your Windows systems promptly is essential.