Windows Admins Are Urged To Patch TCP/IP Zero Click Security Exploit

This one’s important, so let’s get right to it: a new security flaw in all versions of Windows opens the door for a wormable remote code execution vulnerability. That means it can be exploited by an automated worm with zero user interaction required, and it gives the remote attacker the ability to execute code on the targeted system without authentication. This is exactly as bad as it sounds.

To put it in perspective for you, Microsoft assigned this issue, known as CVE-2024-38063 a severity score of 9.8 out of a possible 10. This is just about as bad as it gets. Affected systems that are exposed to the internet using IPv6—that means basically all Windows systems at this point—could be attacked and compromised in an automated fashion, even if the machine is secure and the user does nothing to approve or allow the exploit.

The attack, which was discovered by Chinese researcher Xiao Wei of Cyber KunLun, said that he discovered it “several months ago” and reported it to Microsoft. Speaking on Xwitter, Wei said “Considering its harm, I will not disclose more details in the short term.” The MSRC page is a little more informative; it says that an attacker can “repeatedly send … specially crafted IPv6 packets … which could enable remote code execution.”

Fortunately, Microsoft has already patched this particular bug along with six other zero-day vulnerabilities that are being actively exploited in the wild. To protect yourself, all you need to do is make sure you have the latest Windows updates. The other zero-days comprised privilege escalation flaws and remote code execution flaws in a variety of Windows and Office components, including a flaw rated 8.8/10 related to Office’s macro features.

If for whatever reason you can’t update right now, an easy mitigation is to simply disable IPv6, although this will break internet access for a lot of people outside of the first world. Ultimately everyone needs to get updated as fast as possible; bugs like this are a stark reminder of why Microsoft mandated automatic updates in Windows 10.

The Limitations of Set Theory in Understanding Biological Evolution | HackerNoon

Authors: (1) STUART KAUFFMAN; (2) ANDREA ROL. Table of Links Abstract and Introduction Part I. A Definition of Life Part II. The first Miracle: The

August 18, 2024

Corsair One i500 SFF gaming PC with ‘next-gen’ components will be unveiled on May 6

Corsair has officially teased its new One i500 compact gaming PC, which will be revealed on May 5 sporting “next-gen components”. The official tease was

April 29, 2024

AMD Zen 5 Desktop And Mobile Ryzen CPUs Break Cover On Shipping Manifest

It’s been a year and a half since AMD launched its Socket AM5 platform and its Zen 4 desktop processors, so the time is nigh

March 29, 2024

Supercharge Your Portfolio with Future Tech Stocks!

Join us for Profitable Insights & Expert Tips!

With expert analysis, comprehensive market coverage, and actionable insights, our newsletter equips you with the knowledge & tools necessary to make informed decisions & maximize your potential returns in the dynamic world of future tech stocks.