Nynox advisory - Threat alert -
Microsoft Windows desktop & server
– Date: 20th of August –
📢 Threat Alert – Windows – A critical RCE has been found in the IPv6 module in every Windows build. Please read further for more information.
During the latest patch Tuesday of Microsoft patched a critical RCE that impacted the TCP/IP IPv6 module in all Windows builds, CVE-2024-38063 (CVSS 9.8).
What’s going on?
⚠️ The vulnerability allows remote unauthenticated attackers to execute arbitrary code on affected systems by sending specially crafted IPv6 packets.
⚠️ This can be done without any user interaction, making it a “0-click” vulnerability.
⚠️ All current supported versions of Windows Desktop and Server are vulnerable.
WHY IS THIS a PROBLEM?
❗ IPv6 is a widely used protocol in all of the Windows stack that is enabled by default.
❗ Any Windows machine exposed to the internet is susceptible to this vulnerability.
❗ There are no known public POC’s available. Nevertheless, this could change at any moment in the coming weeks/months.
How does Nynox protect its customers?
🛡️ Free threat hunting based on the indicators for this attack
🛡️ Personalized assistance to mitigate the risk
🛡️ 24×7 Incident Response (CSIRT)
🛡️ 24×7 monitoring of customer environments
WHAT CAN YOU DO TO MITIGATE THE RISK?
✅ Please patch to the latest available security update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063
But what if you can’t?
✅ Temporarily Disable IPv6. This could however make some Windows features not work as intended.
But what if yOu can’t?
✅ Remove all USB controllers from the Virtual Machine, disabling USB passthrough functionality, and rendering virtual USB devices inaccessible.
✅ Default keyboard and mouse input devices remain unaffected because they operate independently of the USB protocol.
