Windows Admins Are Urged To Patch TCP/IP Zero Click Security Exploit

This one’s important, so let’s get right to it: a new security flaw in all versions of Windows opens the door to wormable remote code execution. That means it can be exploited by an automated worm with zero user interaction required, and it gives the remote attacker the ability to execute code on the targeted system without authentication. This is exactly as bad as it sounds.

To put it in perspective for you, Microsoft assigned this issue, known as CVE-2024-38063, a severity score of 9.8 out of a possible 10. This is just about as bad as it gets. Affected systems that are exposed to the internet using IPv6—that means basically all Windows systems at this point—could be attacked and compromised in an automated fashion, even if the machine is secure and the user does nothing to approve or allow the exploit.

The flaw was discovered by Chinese researcher Xiao Wei of Cyber KunLun, who said that he discovered it “several months ago” and reported it to Microsoft. Speaking on Xwitter, Wei said “Considering its harm, I will not disclose more details in the short term.” The MSRC page is a little more informative; it says that an attacker can “repeatedly send … specially crafted IPv6 packets … which could enable remote code execution.”

Fortunately, Microsoft has already patched this particular bug along with six other zero-day vulnerabilities that are being actively exploited in the wild. To protect yourself, all you need to do is make sure you have the latest Windows updates. The other zero-days comprised privilege escalation flaws and remote code execution flaws in a variety of Windows and Office components, including a flaw rated 8.8/10 related to Office’s macro features.

If for whatever reason you can’t update right now, an easy mitigation is to simply disable IPv6, although this will break internet access for a lot of people outside of the first world. Ultimately everyone needs to get updated as fast as possible; bugs like this are a stark reminder of why Microsoft mandated automatic updates in Windows 10.
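
For admins who need that stopgap, here is one way to do it from an elevated PowerShell prompt. This is an added example, not something from Microsoft's advisory; the backup file path and the function names are assumptions, and it relies on the standard `Get-NetAdapterBinding`, `Disable-NetAdapterBinding` and `Enable-NetAdapterBinding` cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: stopgap for hosts that cannot take the update yet.
# Unbinds IPv6 (component ms_tcpip6) from network adapters and records
# which adapters had it, so the change can be reverted once patched.

$StateFile = 'C:\ipv6-binding-backup.csv'   # assumed path, pick your own

function Get-IPv6Binding {
    # One row per visible adapter: is the IPv6 protocol component bound?
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Select-Object Name, DisplayName, Enabled
}

function Disable-IPv6Binding {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $bound = Get-IPv6Binding | Where-Object Enabled
    if (-not $bound) {
        Write-Output 'IPv6 is not bound on any adapter.'
        return
    }
    # Save the adapters we are about to change before touching anything.
    $bound | Export-Csv -Path $StateFile -NoTypeInformation
    foreach ($b in $bound) {
        if ($PSCmdlet.ShouldProcess($b.Name, 'Unbind IPv6 (ms_tcpip6)')) {
            Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6
        }
    }
    Get-IPv6Binding
}

function Restore-IPv6Binding {
    # Re-enable IPv6 only on the adapters that had it bound before.
    Import-Csv -Path $StateFile | ForEach-Object {
        Enable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6
    }
    Get-IPv6Binding
}

Get-IPv6Binding | Format-Table -AutoSize   # audit only; nothing is changed
# Disable-IPv6Binding -WhatIf              # preview what would be unbound
# Disable-IPv6Binding                      # apply the stopgap
# Restore-IPv6Binding                      # run after the update is installed
```

Run the audit line first on a test machine; anything that depends on IPv6 connectivity will stop working until the binding is restored.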