Navigating CVE-2024-38063: Immediate Actions

CVE-2024-38063 is a serious security flaw in the system that helps Windows computers talk to each other over the internet. It’s particularly about the part that deals with the newer internet addresses (IPv6). This flaw is so severe that someone who knows about it could potentially control a Windows computer remotely without needing the user to do anything—just by sending specific internet traffic to it.

Microsoft has already fixed this problem in their latest update. All Windows users are strongly advised to update their systems right away to protect themselves. If the update can’t be applied immediately, a temporary fix would be to turn off the part of the system that handles the newer internet addresses, although this might stop some features or programs from working correctly until the update is installed.

Technical Details

CVE-2024-38063 is a critical remote code execution vulnerability affecting the Windows TCP/IP stack. It was patched by Microsoft in their August 2024 security updates. Key details about this vulnerability:

Severity and Scope

– It has a CVSS score of 9.8, making it a critical severity vulnerability[2][5].

– It impacts nearly all versions of Windows, including servers and workstations that have IPv6 enabled[4].

Attack Vector

– The vulnerability can be exploited remotely by an unauthenticated attacker by sending specially crafted IPv6 packets to a Windows machine[1][3].

– It is a zero-click exploit, meaning no user interaction is required, which significantly increases the risk[4].

– The attack complexity is low and exploitation is considered likely by Microsoft[7].

Impact

– Successful exploitation allows the attacker to execute arbitrary code on the target system with SYSTEM privileges, the highest level of access on a Windows machine[3][4].

– This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights[5].

Mitigation

– Microsoft has released security patches for all affected Windows versions which should be applied immediately[1][3][6].

– As a temporary mitigation, IPv6 can be disabled on vulnerable machines or incoming IPv6 traffic can be blocked at the firewall until patching is complete[1][3][4].

Detection and Monitoring

– Detection methods are still being developed but major security vendors are actively monitoring for any indications of exploitation[4][5].

– Qualys has added detection for this vulnerability (QID 92160)[5].


Remediation Details
Applying the Security Update

  1. Check for updates in Windows Update. Microsoft has released security updates for all affected Windows versions in the August 2024 Patch Tuesday release.
  2. Download and install the applicable cumulative update for your Windows version and edition. The updates that fix CVE-2024-38063 are:
    • Windows 11 24H2: KB5041571
    • Windows 11 23H2: KB5041585
    • Windows 11 22H2: KB5041573
    • Windows 11 21H2: KB5041580
    • Windows 10 21H2: KB5041580
    • Windows 10 20H2, 21H1: KB5041578
    • Windows Server 2022: KB5041160
    • Windows Server 2019: KB5041578
    • Windows Server 2016: KB5041773
  3. Reboot your machine after the update is installed for the changes to take effect.
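
To confirm the update landed, the installed hotfix list can be compared against the KB numbers in step 2. This is an added example, not code from the original advisory; the function name and output fields are assumptions chosen for illustration.

```powershell
# Added example: reports whether any KB from step 2 above is installed.
# The function name and output fields are hypothetical; Get-HotFix is built in.
function Test-Cve202438063Update {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # KB IDs exactly as listed in step 2 of this advisory
        [string[]]$FixKb = @('KB5041571', 'KB5041585', 'KB5041573', 'KB5041580',
                             'KB5041578', 'KB5041160', 'KB5041773')
    )
    foreach ($computer in $ComputerName) {
        try {
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $hits = @($installed | Where-Object { $FixKb -contains $_.HotFixID })
            # Newest dated entry, to spot hosts patched by a later cumulative update
            $newest = $installed | Where-Object InstalledOn |
                Sort-Object InstalledOn -Descending | Select-Object -First 1
            [pscustomobject]@{
                ComputerName      = $computer
                ListedKbFound     = $hits.Count -gt 0
                MatchingKb        = $hits.HotFixID -join ', '
                NewestHotFix      = $newest.HotFixID
                NewestInstalledOn = $newest.InstalledOn
                Error             = $null
            }
        } catch {
            # Unreachable or access-denied hosts are reported, not skipped
            [pscustomobject]@{
                ComputerName      = $computer
                ListedKbFound     = $false
                MatchingKb        = ''
                NewestHotFix      = $null
                NewestInstalledOn = $null
                Error             = $_.Exception.Message
            }
        }
    }
}

# Local machine; pass -ComputerName with a list of hosts to sweep several
Test-Cve202438063Update | Format-Table -AutoSize
```

Later cumulative updates supersede these KBs, so a host showing ListedKbFound as False with a NewestInstalledOn date after August 2024 should be checked by OS build number before it is treated as unpatched.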

Mitigation – Disabling IPv6

If you are unable to immediately install the security update, you can mitigate the risk by disabling IPv6 as the vulnerability is in the IPv6 subsystem. Here’s how:

  1. Open the Network Connections window by running ncpa.cpl
  2. Right-click on each network adapter and select Properties
  3. Uncheck the box for Internet Protocol Version 6 (TCP/IPv6)
  4. Click OK to save the changes
  5. Repeat for all network adapters

Note that disabling IPv6 may cause some Windows components or applications to not function properly. Re-enable it once you have applied the security update.
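
The same change can be scripted so that it is applied consistently and reversed cleanly after patching. This is an added example, not part of the original advisory; the function names and the state-file path are assumptions, and `ms_tcpip6` is the component ID behind the "Internet Protocol Version 6 (TCP/IPv6)" checkbox.

```powershell
# Added example: run in an elevated PowerShell session.
# The state-file path and function names are hypothetical.
$StateFile = Join-Path $env:ProgramData 'ipv6-binding-before-mitigation.csv'

function Disable-Ipv6Binding {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $StateFile)

    # Adapters that currently have TCP/IPv6 bound
    $bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled)

    # Record them first so only these are re-enabled after patching
    $bound | Select-Object Name, InterfaceDescription |
        Export-Csv -Path $Path -NoTypeInformation

    foreach ($binding in $bound) {
        if ($PSCmdlet.ShouldProcess($binding.Name, 'Unbind TCP/IPv6')) {
            Disable-NetAdapterBinding -Name $binding.Name -ComponentID ms_tcpip6
        }
    }

    # Return the resulting state for verification
    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled
}

function Restore-Ipv6Binding {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $StateFile)

    # Re-enable only the adapters recorded before the mitigation
    foreach ($row in Import-Csv -Path $Path) {
        if ($PSCmdlet.ShouldProcess($row.Name, 'Bind TCP/IPv6')) {
            Enable-NetAdapterBinding -Name $row.Name -ComponentID ms_tcpip6
        }
    }
    Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled
}

# Preview the change without applying it
Disable-Ipv6Binding -WhatIf
```

Run `Disable-Ipv6Binding` without `-WhatIf` to apply the mitigation, and `Restore-Ipv6Binding` once the security update is installed and the machine has rebooted.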

Update Table

| Product | CVE | Update |
| --- | --- | --- |
| Windows Server 2022, 23H2 Edition | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041573, 5039236 |
| Windows Server 2022 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041160, 5039227, 5039330 |
| Windows Server 2019 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
| Windows Server 2016 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773, 5039214 |
| Windows Server 2012 R2 | CVE-2024-38063, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041828, 5041770, 5039294 |
| Windows Server 2012 | CVE-2024-38063, CVE-2024-38107, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041851, 5039260 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041838, 5041823 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041838, 5041823 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041850, 5041847 |
| Windows 11 Version 24H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199 | 5041571 |
| Windows 11 Version 24H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199 | 5041571 |
| Windows 11 Version 23H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585 |
| Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
| Windows 11 Version 22H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
| Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
| Windows 11 version 21H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5039212 |
| Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041592, 5039213 |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 21H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
| Windows 10 Version 1809 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
| Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
| Windows 10 Version 1809 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578 |
| Windows 10 Version 1607 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773 |
| Windows 10 Version 1607 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773, 5039214 |
| Windows 10 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041782, 5040448 |
| Windows 10 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041782, 5040448, 5039225 |
| Microsoft Project 2016 (64-bit edition) | CVE-2024-38189 | 5002561 |
| Microsoft Project 2016 (32-bit edition) | CVE-2024-38189 | 5002561 |
| Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
| Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
| Microsoft Office 2019 for 64-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
| Microsoft Office 2019 for 32-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
| Microsoft Office 2016 (64-bit edition) | CVE-2024-38200 | 5002625, 5002570 |

Citations:

[1] https://www.reddit.com/r/sysadmin/comments/1es09xf/fyi_cve202438063/

[2] https://www.tenable.com/cve/CVE-2024-38063

[3] https://www.cybermaxx.com/resources/cve-2024-38063/

[4] https://insights.integrity360.com/threat-advisory-cve-2024-38063-windows-tcp/ip-remote-code-execution-vulnerability

[5] https://feedly.com/cve/CVE-2024-38063

[6] https://www.reddit.com/r/msp/comments/1es0ivo/security_headsup_cve202438063_windows_tcpip/

[7] https://www.crowdstrike.com/blog/patch-tuesday-analysis-august-2024/

August 15, 2024   -   Blog By: Neil Richardson
