Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎08-15-2024 05:23 PM
‎08-15-2024 05:23 PM

Windows TCP/IP Remote Code Execution Vulnerability

Hi All

 

Get ready this is a big one!

 

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.

 

For those who have gone IPv6.

 

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

 

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063

 

Regards

 

Caute_Cautim

 

Reply
1 Reply
denbesten
Community Champion
‎08-15-2024 08:46 PM
‎08-15-2024 08:46 PM

I guess I am really fortunate that my VPN provider does not support IPv6 (meaning we have to disable IPv6 on the clients), that we have not assigned IPv6 addresses to our firewalls, and that we do not route IPv6 internally.  Limits the scope of vulnerability pretty much to our servers and even then only from on-segment attackers.

Reply