CVE-2024-38063 is a serious security flaw in the system that helps Windows computers talk to each other over the internet. Specifically, it affects the part that handles the newer internet addresses (IPv6). The flaw is so severe that someone who knows about it could potentially take control of a Windows computer remotely, without the user doing anything, just by sending specific internet traffic to it.
Microsoft has already fixed this problem in their latest update. All Windows users are strongly advised to update their systems right away to protect themselves. If the update can’t be applied immediately, a temporary fix would be to turn off the part of the system that handles the newer internet addresses, although this might stop some features or programs from working correctly until the update is installed.
CVE-2024-38063 is a critical remote code execution vulnerability affecting the Windows TCP/IP stack. It was patched by Microsoft in their August 2024 security updates. Key details about this vulnerability:
Severity and Scope
– It has a CVSS score of 9.8, making it a critical severity vulnerability[2][5].
– It impacts nearly all versions of Windows, including servers and workstations that have IPv6 enabled[4].
Attack Vector
– The vulnerability can be exploited remotely by an unauthenticated attacker by sending specially crafted IPv6 packets to a Windows machine[1][3].
– It is a zero-click exploit, meaning no user interaction is required, which significantly increases the risk[4].
– The attack complexity is low and exploitation is considered likely by Microsoft[7].
Impact
– Successful exploitation allows the attacker to execute arbitrary code on the target system with SYSTEM privileges, the highest level of access on a Windows machine[3][4].
– This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights[5].
Mitigation
– Microsoft has released security patches for all affected Windows versions which should be applied immediately[1][3][6].
– As a temporary mitigation, IPv6 can be disabled on vulnerable machines or incoming IPv6 traffic can be blocked at the firewall until patching is complete[1][3][4].
Detection and Monitoring
– Detection methods are still being developed, but major security vendors are actively monitoring for any indications of exploitation[4][5].
– Qualys has added detection for this vulnerability (QID 92160)[5].
Mitigation – Disabling IPv6
If you are unable to install the security update immediately, you can mitigate the risk by disabling IPv6, as the vulnerability is in the IPv6 subsystem. Here’s how:
ncpa.cpl
Note that disabling IPv6 may cause some Windows components or applications to not function properly. Re-enable it once you have applied the security update.
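The mitigation above as a scripted check, an added example that is not from the original page or from Microsoft: it reports whether an expected update is installed and which adapters still have IPv6 bound, and can unbind IPv6 (the same setting as the TCP/IPv6 checkbox in the adapter properties reached through ncpa.cpl). The function name and the default KB value (the first update in the Windows Server 2022 row of the table below) are assumptions.

```powershell
# Added example (not from the original page). Changing bindings needs an elevated session.
function Test-Cve202438063Exposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: first update listed in this page's Windows Server 2022 row;
        # pass the KB(s) from the product row that matches the host.
        [string[]]$ExpectedKb = @('KB5041160'),
        # Unbind IPv6 from adapters when none of the expected updates is found.
        [switch]$DisableIPv6
    )

    # Get-HotFix raises a non-terminating error for an absent ID, so silence it and count results.
    # A newer cumulative update can supersede the listed KB: "not found" means "verify".
    $installed = @(Get-HotFix -Id $ExpectedKb -ErrorAction SilentlyContinue)

    # ms_tcpip6 is the component ID of "Internet Protocol Version 6 (TCP/IPv6)".
    $bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { $_.Enabled })

    if ($DisableIPv6 -and $installed.Count -eq 0) {
        foreach ($binding in $bound) {
            if ($PSCmdlet.ShouldProcess($binding.Name, 'Disable IPv6 binding')) {
                Disable-NetAdapterBinding -Name $binding.Name -ComponentID ms_tcpip6
            }
        }
        # Re-read the state so the report reflects what is bound now.
        $bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { $_.Enabled })
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ExpectedKb        = $ExpectedKb -join ', '
        InstalledKb       = ($installed.HotFixID | Sort-Object -Unique) -join ', '
        UpdateFound       = $installed.Count -gt 0
        IPv6BoundAdapters = $bound.Name -join ', '
        NeedsAttention    = ($installed.Count -eq 0) -and ($bound.Count -gt 0)
    }
}

# Report only:
Test-Cve202438063Exposure
# Report, and unbind IPv6 if the update is missing (add -WhatIf to preview):
# Test-Cve202438063Exposure -DisableIPv6
```

Once the update is installed, `Enable-NetAdapterBinding -Name <adapter> -ComponentID ms_tcpip6` restores the binding.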
Product | CVE | Update (KB number) |
Windows Server 2022, 23H2 Edition | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041573, 5039236 |
Windows Server 2022 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041160, 5039227, 5039330 |
Windows Server 2019 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
Windows Server 2016 | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773, 5039214 |
Windows Server 2012 R2 | CVE-2024-38063, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041828, 5041770, 5039294 |
Windows Server 2012 | CVE-2024-38063, CVE-2024-38107, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041851, 5039260 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041838, 5041823 |
Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041838, 5041823 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-38063, CVE-2024-38140, CVE-2024-38193, CVE-2024-38199 | 5041850, 5041847 |
Windows 11 Version 24H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199 | 5041571 |
Windows 11 Version 24H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199 | 5041571 |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585 |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041585, 5039212 |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5039212 |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041592, 5039213 |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041580, 5039211 |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578, 5039217 |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041578 |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773 |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041773, 5039214 |
Windows 10 for x64-based Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041782, 5040448 |
Windows 10 for 32-bit Systems | CVE-2024-21302, CVE-2024-38063, CVE-2024-38106, CVE-2024-38107, CVE-2024-38140, CVE-2024-38178, CVE-2024-38193, CVE-2024-38199, CVE-2024-38213 | 5041782, 5040448, 5039225 |
Microsoft Project 2016 (64-bit edition) | CVE-2024-38189 | 5002561 |
Microsoft Project 2016 (32-bit edition) | CVE-2024-38189 | 5002561 |
Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
Microsoft Office 2019 for 64-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
Microsoft Office 2019 for 32-bit editions | CVE-2024-38189, CVE-2024-38200 | Click to Run |
Microsoft Office 2016 (64-bit edition) | CVE-2024-38200 | 5002625, 5002570 |
Citations:
[1] https://www.reddit.com/r/sysadmin/comments/1es09xf/fyi_cve202438063/
[2] https://www.tenable.com/cve/CVE-2024-38063
[3] https://www.cybermaxx.com/resources/cve-2024-38063/
[5] https://feedly.com/cve/CVE-2024-38063
[6] https://www.reddit.com/r/msp/comments/1es0ivo/security_headsup_cve202438063_windows_tcpip/
[7] https://www.crowdstrike.com/blog/patch-tuesday-analysis-august-2024/