New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled
Petey_Long
Member
in News
"The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target," Childs said.
"That means it's wormable. You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything."
Comments
https://lowendtalk.com/discussion/196914/cve-2024-38063-allows-rce-on-windows-machines-through-ipv6-packets#latest
I'm grateful someone here was able to get the info out quickly but to a layman, that post would mean nothing. If people aren't familiar with Microsoft security bulletins and don't know to look for the remedy section, not doing them a whole lot a good.
This is an easily digestible article that anyone here could read and understand
✓ All versions of Windows with IPv6 capabilities are affected
✓ Takes no interaction from the potential victim - just a computer online, running windows and have IPv6 enabled
✓ If possible, run Windows update
✓ If you can't install this week's update, disable IPv6 as a precaution, however, this may cause some Windows components to stop working
The most vulnerable and potential victims are people who aren't tech-savvy. Given the severity and easy exploitability of the flaw, it's in everyone's best interests to make it as easy as possible, for 1) People to realize they are vulnerable and 2) How to fix it
Don't take your inherent genius for granted
...time to turn on my windows machine again and get the patches...
where is @yoursunny
Become his own enemy by disable all ipv6 on the idlers
My favorite commands
Must be a misunderstanding because as "everybody knows", both Windows and IPv6 are "the solution", not a problem.
I think the worst part is that it affects all versions of Windows, many that will not get an update to fix..
I mean. This can be fixed by just disabling IPv6 on the PC or on the network. Disable it ok the network for each PC or the whole network if you don't even need it.
Yes...? Some of us do use it.
Thanks for this. I'd missed it and just got my Windows updates done. This post might have got more attention if the title was something like "Update your Windows VPS now!" becuase I suspect many people who needed to get the message will have missed it and this is a nasty one, (low complexity and potentially wormable) 😲