Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
SecurityWeek
|
Summary
Security experts are urging Windows administrators to immediately patch a critical remote code execution vulnerability in the Windows TCP/IP stack (CVE-2024-38063), which can be exploited without user interaction. Microsoft has issued a high-severity bulletin, assigning this vulnerability a CVSS score of 9.8/10, and highlighted the ease with which attackers could craft exploits. The flaw, discovered by Chinese researcher Xiao Wei, could allow an attacker to send specially crafted IPv6 packets to a target machine, enabling remote code execution. As part of its recent Patch Tuesday release, Microsoft addressed this and six other actively exploited zero-days, underscoring the need for prompt action to mitigate these significant security risks.