2024-08-28
POC Code for Critical IPv6 Flaw has Been Released
Users are urged to update Windows to ensure they have addressed CVE-2024-38063, a critical remote code execution vulnerability that Microsoft released on Tuesday, August 13 as part of their August Patch Tuesday. Proof-of-concept exploit code for the integer underflow issue has been made available.
Editor's Note
Luckily, the released code will only cause a system to crash, and triggering even the DoS condition is not fully reliable. Finding paths to code execution will be tricky. Let's hope exploit developers are not going to surprise us with a solution anytime soon.
Johannes Ullrich
This one is still fragile as an exploit, but it works. However, the exploit is complicated and, over time, maybe weaponized. I'm not a fan of disabling IPv6Ó at the network adapter layer, as I've been through this movie before. We had the same conversations in the Novell IPX/SPX and IPv4 days. Once you get to 'enabling IPv6, you may find it's not as easy as disabling it. I prefer to patch the systems and properly route IPv6; if you cannot, disable IPv6. Do not leave IPv6 untouched; that is also a vector for adversary in-the-middle attacks.
Moses Frost
You're thinking, 'Switch to IPv6 they said; it'll be secure they said.' They weren't wrong - implementation details are where things can go south. At the time the patch was released on August 13, there weren't any known POCs or exploits. If you've already rolled out the update, you're good. If you're still doing analysis, time to step it up. Then go back and make sure you're following the current best practices for a secure IPv6 rollout.