Developers Create Proof of Concept for Windows IPv6 Vulnerability, Paralyzing Devices with Specially Crafted Packets
A critical security vulnerability, tracked as CVE-2024-38063, was recently identified in the IPv6 network stack of Windows 10, Windows 11 and Windows Server. It allows an attacker to achieve remote code execution simply by sending specially crafted IPv6 packets to the target device, with no user interaction required.
Because it can be exploited remotely without any user interaction, the vulnerability is rated critical. Microsoft fixed it in the August 2024 security update, and systems that have installed the patch are no longer affected.
In the security bulletin, Microsoft stated that it had no evidence of the vulnerability being exploited in the wild. At the same time, Microsoft assessed exploitation as "more likely", acknowledging that, given the nature of the flaw, it was only a matter of time before someone worked out how to trigger it. That time has now come.
A proof of concept (PoC) for the vulnerability has been published on GitHub. A PoC means the basic method of reaching the bug has been worked out; what the current PoC achieves is a crash of the target (the "paralysis" in the headline) rather than code execution, but it paves the way for further exploitation.
Developer @ynwarcs states that the current PoC code is quite unstable, but that the simplest way to reproduce the vulnerability is to run bcdedit /set debug on on the target system and then restart the target machine or virtual machine.
This enables the default network adapter driver kdnic.sys, which is "very willing" to coalesce the specially crafted packets. To reproduce the vulnerability on a different setup, the target system needs to be in a position to coalesce the sent packets.
The developer's script also exposes several parameters, the most important of which is the target system's IPv6 address. Sending multiple batches of different packets increases the chance of hitting the vulnerable code path in the IPv6 stack and triggering the bug.
Project address: https://github.com/ynwarcs/CVE-2024-38063
If your network provides IPv6 addresses, install the latest security updates on all Windows systems to close the vulnerability. If the updates cannot be installed immediately, consider disabling IPv6 in the network settings and running IPv4 only as a temporary workaround. Note that Windows assigns a link-local IPv6 address to every interface by default, so a host can be reached over IPv6 from the same network segment even when the network itself offers no IPv6 connectivity.
Note also that the Windows Firewall cannot block attacks against this vulnerability: the vulnerable code runs while the IPv6 stack is processing the packet, before the firewall inspects the traffic, so firewall rules filtering inbound or outbound IPv6 traffic are ineffective.
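The following PowerShell script is an added example illustrating the interim workaround described above; it is not part of the article or of the PoC repository. It inventories which adapters have IPv6 bound and which IPv6 addresses (link-local ones included) the host currently answers on, and, only when run with -DisableIPv6, unbinds IPv6 from the adapters and sets the Microsoft-documented DisabledComponents registry value. It assumes an elevated session on a Windows version that ships the NetAdapter module (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the article or the CVE-2024-38063 PoC repository.
# Reports IPv6 exposure on this host and, with -DisableIPv6, applies the
# "disable IPv6" workaround until the August 2024 update can be installed.
# Assumes an elevated PowerShell session with the built-in NetAdapter module.

param(
    # Without this switch the script only reports; with it, IPv6 is turned off.
    [switch]$DisableIPv6
)

# 1. Which adapters have the IPv6 stack bound? ms_tcpip6 is the component ID
#    of "Internet Protocol Version 6 (TCP/IPv6)" in the adapter binding list.
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction Stop
$bindings | Select-Object Name, Enabled | Format-Table -AutoSize

# 2. Which IPv6 addresses can be targeted? Link-local addresses count:
#    an attacker on the same segment reaches them without any global IPv6.
Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceAlias -notmatch 'Loopback' } |
    Select-Object InterfaceAlias, IPAddress, PrefixOrigin | Format-Table -AutoSize

# 3. Record the tcpip.sys file version so the host can be compared against the
#    version shipped in the August 2024 update for this Windows SKU.
(Get-Item "$env:SystemRoot\System32\drivers\tcpip.sys").VersionInfo.FileVersion

if ($DisableIPv6) {
    # Unbind IPv6 from every adapter. This stops tcpip.sys from processing
    # inbound IPv6 packets on those interfaces, which is why it helps where a
    # firewall rule does not: the vulnerable code runs before firewall filtering.
    $bindings | Where-Object Enabled | ForEach-Object {
        Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6 -Confirm:$false
    }

    # The documented DisabledComponents value 0xFF disables IPv6 on all
    # interfaces except loopback and also covers adapters added later.
    # A reboot is required for the registry value to take effect.
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
        -Name DisabledComponents -PropertyType DWord -Value 0xFF -Force | Out-Null
    Write-Host 'IPv6 disabled. Reboot for the registry change to apply; re-enable IPv6 after patching.'
}
```

Run it without the switch first to see what would change. Disabling IPv6 is a stopgap, not a fix: Microsoft does not recommend leaving IPv6 off permanently, and some features (for example DirectAccess and parts of Remote Assistance) depend on it. Once the update is installed, re-enable the bindings with Enable-NetAdapterBinding -ComponentID ms_tcpip6 and remove the DisabledComponents value.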