
August 22, 2024 Advisory: Microsoft Windows IPv6 TCP/IP RCE [CVE-2024-38063]

Microsoft Windows IPv6 TCP/IP Remote Code Execution Vulnerability [CVE-2024-38063]

Date of Disclosure: August 13, 2024

CVE-ID and CVSS Score: CVE-2024-38063: CVSS 9.8 (Critical)

Issue Description: This is a zero-click, wormable vulnerability in the IPv6 TCP/IP stack of Microsoft Windows that enables attackers to remotely execute arbitrary code on affected systems without any user interaction.

Asset Description: The issue impacts Microsoft Windows versions that support IPv6. It is particularly risky for internet-facing Windows servers and user devices with IPv6 enabled.

Vulnerability Impact: If successfully exploited, this vulnerability could allow attackers to remotely execute arbitrary code, which might result in a full system compromise, unauthorized data access, and/or exposure of sensitive information.

Exploitation Details: The flaw is located in the IPv6 TCP/IP component of the Windows networking stack. Attackers can exploit this vulnerability by sending specially crafted IPv6 packets to a target machine, enabling RCE without user interaction.

Patch Availability: Microsoft has issued a security update for this vulnerability as part of the August 2024 Patch Tuesday. It is crucial for organizations to apply this update promptly to mitigate risks. If immediate patching isn’t feasible, disabling IPv6 on affected Windows systems can help reduce the attack surface until the patch is applied.
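
The interim mitigation described above, as an added PowerShell example (not code from Censys or Microsoft): it lists adapters that still have the IPv6 binding (`ms_tcpip6`) and lets you preview, then apply, its removal. It assumes an elevated session on a Windows version that ships the NetAdapter and NetTCPIP modules; the function names `Get-IPv6BindingReport` and `Disable-IPv6Binding` are hypothetical.

```powershell
# Added example: audit and optionally remove the IPv6 binding (ms_tcpip6)
# from network adapters as an interim mitigation. Run from an elevated session.

function Get-IPv6BindingReport {
    # One row per adapter that currently has IPv6 bound. Addresses outside
    # fe80* (link-local) mean the host may be reachable over IPv6 from
    # beyond the local segment, so those adapters deserve attention first.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object Enabled |
        ForEach-Object {
            $addrs = Get-NetIPAddress -InterfaceAlias $_.Name -AddressFamily IPv6 `
                         -ErrorAction SilentlyContinue |
                     Where-Object { $_.IPAddress -notlike 'fe80*' }
            [pscustomobject]@{
                Adapter               = $_.Name
                IPv6Bound             = $_.Enabled
                NonLinkLocalAddresses = ($addrs.IPAddress -join ', ')
            }
        }
}

function Disable-IPv6Binding {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Adapters to change; defaults to every adapter with IPv6 bound.
        [string[]]$Name = (Get-IPv6BindingReport).Adapter
    )
    foreach ($adapter in $Name) {
        # Honors -WhatIf / -Confirm so the change can be previewed.
        if ($PSCmdlet.ShouldProcess($adapter, 'Unbind ms_tcpip6 (IPv6)')) {
            Disable-NetAdapterBinding -Name $adapter -ComponentID ms_tcpip6
        }
    }
}

# 1. Review which adapters are exposed over IPv6.
Get-IPv6BindingReport | Format-Table -AutoSize

# 2. Preview the change without applying it.
Disable-IPv6Binding -WhatIf

# 3. Apply:  Disable-IPv6Binding
# 4. Revert once the August 2024 update is installed:
#    Enable-NetAdapterBinding -Name '<adapter>' -ComponentID ms_tcpip6
```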

Censys Perspective:

This vulnerability was addressed in the same update that mitigates CVE-2024-38077, a Windows Remote Desktop Licensing Service RCE Vulnerability for which we previously published an advisory: https://censys.com/cve-2024-38077/

To identify potentially vulnerable non-hosted Windows systems for CVE-2024-38063, you can use the same Censys queries that were shared to track CVE-2024-38077:

  • Censys Search Query: services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
  • Censys ASM Query: host.services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
  • Censys ASM Risk Query: risks.name="Windows Remote Desktop Licensing Service RCE Vulnerability [CVE-2024-38077]"

 

Map of Censys-visible Potentially Vulnerable Non-Hosted Windows Instances as of August 20, 2024

 
