"Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw"

Security experts urge Windows system administrators to patch a pre-auth Remote Code Execution (RCE) vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is highly likely. Not many technical details have been released on the vulnerability, tracked as CVE-2024-38063. However, Microsoft's documentation suggests that a worm-like attack is possible on the latest versions of its flagship operating system. According to Microsoft, an unauthenticated attacker could repeatedly send IPv6 packets, including specially crafted packets, to a Windows machine, allowing RCE. This article continues to discuss the wormable, pre-auth RCE vulnerability in the Windows TCP/IP stack that Windows administrators must patch.

SecurityWeek reports "Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw"

Submitted by grigby1