Nynox advisory - Threat alert -

Microsoft Windows desktop & server

– Date: 20th of August –

📢 Threat Alert – Windows – A critical RCE has been found in the IPv6 module in every Windows build. Please read further for more information.

During the latest Patch Tuesday, Microsoft patched a critical RCE affecting the TCP/IP IPv6 module in all Windows builds: CVE-2024-38063 (CVSS 9.8).

What’s going on?

⚠️ The vulnerability allows remote unauthenticated attackers to execute arbitrary code on affected systems by sending specially crafted IPv6 packets.

⚠️ This can be done without any user interaction, making it a “0-click” vulnerability.

⚠️ All current supported versions of Windows Desktop and Server are vulnerable.

WHY IS THIS A PROBLEM?

❗ IPv6 is widely used throughout the Windows stack and is enabled by default.

❗ Any Windows machine exposed to the internet is susceptible to this vulnerability.

❗ There are no known public PoCs available. Nevertheless, this could change at any moment in the coming weeks/months.

How does Nynox protect its customers?

🛡️ Free threat hunting based on the indicators for this attack

🛡️ Personalized assistance to mitigate the risk

🛡️ 24×7 Incident Response (CSIRT)

🛡️ 24×7 monitoring of customer environments

WHAT CAN YOU DO TO MITIGATE THE RISK?

✅ Please patch to the latest available security update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063

But what if you can’t?

Temporarily disable IPv6. However, this could cause some Windows features to not work as intended.
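One way to do this and undo it cleanly after patching, as an added example (not Nynox or Microsoft code): the script unbinds IPv6 (`ms_tcpip6`) from each adapter and records which adapters it changed. The script name, the `-Mode` parameter and the state file path are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: temporarily unbind IPv6 (ms_tcpip6) from network adapters and
# remember which adapters were changed, so the binding can be restored once the
# security update is installed.
# Assumption: the state file location is a placeholder chosen for this example.
param(
    [ValidateSet('Audit', 'Disable', 'Restore')]
    [string]$Mode = 'Audit',
    [string]$StateFile = "$env:ProgramData\ipv6-binding-state.txt"
)

# One binding object per adapter; Enabled is $true where IPv6 is bound.
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6

switch ($Mode) {
    'Audit' {
        # Read-only: show where IPv6 is currently bound.
        $bindings | Sort-Object Name |
            Format-Table Name, InterfaceDescription, Enabled -AutoSize
    }
    'Disable' {
        if (Test-Path $StateFile) {
            throw "State file already exists, run -Mode Restore first: $StateFile"
        }
        $enabled = @($bindings | Where-Object Enabled)
        if ($enabled.Count -eq 0) {
            Write-Output 'IPv6 is not bound to any adapter; nothing to do.'
            return
        }
        # Save adapter names before changing anything (one name per line).
        $enabled.Name | Set-Content -Path $StateFile -Encoding UTF8
        foreach ($b in $enabled) {
            # A remote session that runs over IPv6 will drop at this point.
            Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6
        }
        Write-Output "IPv6 unbound from $($enabled.Count) adapter(s); state saved to $StateFile"
    }
    'Restore' {
        if (-not (Test-Path $StateFile)) { throw "No state file found: $StateFile" }
        # Re-enable IPv6 only on the adapters this script disabled.
        foreach ($name in (Get-Content -Path $StateFile)) {
            Enable-NetAdapterBinding -Name $name -ComponentID ms_tcpip6
        }
        Remove-Item -Path $StateFile
        Write-Output 'IPv6 binding restored.'
    }
}
```

Run it with `-Mode Audit` first and test `-Mode Disable` on a non-production machine, since services that depend on IPv6 may stop working until `-Mode Restore` is run.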

But what if you can’t?

Remove all USB controllers from the Virtual Machine, disabling USB passthrough functionality, and rendering virtual USB devices inaccessible.

Default keyboard and mouse input devices remain unaffected because they operate independently of the USB protocol.

 
In need of assistance? We're here for you!