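Related vulnerability
Title:
Microsoft Windows TCP/IP component numeric error vulnerability
(CVE-2024-38063)
Description: Microsoft Windows TCP/IP is a TCP/IP support service for Windows from Microsoft (USA). The Microsoft Windows TCP/IP component has a numeric error vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 f
Introduction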
# **Windows CVE-2024-38063**
* CVE ID: **CVE-2024-38063**
* CVSS 3.1 Score: **9.8 (Critical)**
* EPSS Score: **Low - 0.088%** (https://www.cvedetails.com/epss/CVE-2024-38063/epss-score-history.html)
* Impact: **Remote Code Execution**
* Affected Components: **Windows TCP/IP stack**
* Attack Vector: **Network (Remote)**
## Vulnerability Details
CVE-2024-38063 is a critical vulnerability that can be exploited by sending specially crafted IPv6 packets to a target machine. This vulnerability arises from improper handling of certain IPv6 packet structures, allowing an attacker to trigger a buffer overflow. Exploiting this flaw can enable the attacker to execute arbitrary malicious code with escalated privileges, potentially gaining full control of the affected system.
The consequences of this vulnerability are severe, including unauthorized access, data theft, data breaches, and even total system compromise. Additionally, the exploit could be leveraged to establish persistent backdoors, disable critical services, or pivot to other systems within the network. The risk is further exacerbated if the target system is exposed to the internet or resides in a sensitive network environment.
## Affected Versions
**Client Versions**:
* ```Windows 10``` (all versions)
* ```Windows 11``` (all versions)
**Server Versions**:
* ```Windows Server 2008``` (all editions)
* ```Windows Server 2008 R2```
* ```Windows Server 2012 and 2012 R2```
* ```Windows Server 2016```
* ```Windows Server 2019```
* ```Windows Server 2022```
# **Mitigations and Patching**
### **Manual Patching**:
Navigate to https://securityvulnerability.io/vulnerability/CVE-2024-38063, scroll down to ```Security Updates```, then find the appropriate version for your system.
### **Automated Patching - Windows Update**:
1. Open ```Settings -> Update & Security -> Windows Update``` and click ```Check for updates```
## Mitigations for Business Critical / PCN Systems
In situations where a system reboot may not be practical, such as in a Process Control Network, an OT environment, or any business critical system, the following commands can be used to effectively mitigate potential risks and ensure continued operation.
**Show all adapters that have IPv6 enabled**:
```
Show-IPV6enabledAdapters
```
**Disable IPv6 on a specific adapter**:
```
Disable-IPV6Adapter -AdapterName "Ethernet 2"
```
**Enable IPv6 on a specific adapter**:
```
Enable-IPV6Adapter -AdapterName "Ethernet 2"
```
**Disable IPv6 on all adapters**:
```
Disable-IPV6AllAdapter
```
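The four commands above are not built-in Windows cmdlets, and their definitions are not shown on this page. The following is an added example, not the repository's own code: one way to implement the same four names on top of the built-in `NetAdapter` module, assuming Windows 8 / Server 2012 or later (the module is not available on Server 2008 / 2008 R2) and an elevated PowerShell session.

```powershell
# Added example: hypothetical implementations of the helper names used above.
# Dot-source this file from an elevated PowerShell prompt, then call the functions.

# Binding ID of the "Internet Protocol Version 6 (TCP/IPv6)" component.
$script:Ipv6ComponentId = 'ms_tcpip6'

function Show-IPV6enabledAdapters {
    # List every adapter whose IPv6 binding is currently enabled.
    Get-NetAdapterBinding -Name '*' -ComponentID $script:Ipv6ComponentId |
        Where-Object { $_.Enabled } |
        Select-Object Name, InterfaceDescription, Enabled
}

function Disable-IPV6Adapter {
    param([Parameter(Mandatory = $true)][string]$AdapterName)
    # Fail early on a misspelled adapter name instead of silently doing nothing.
    $null = Get-NetAdapter -Name $AdapterName -ErrorAction Stop
    Disable-NetAdapterBinding -Name $AdapterName -ComponentID $script:Ipv6ComponentId
    # Return the resulting state so the change can be verified and logged.
    Get-NetAdapterBinding -Name $AdapterName -ComponentID $script:Ipv6ComponentId
}

function Enable-IPV6Adapter {
    param([Parameter(Mandatory = $true)][string]$AdapterName)
    $null = Get-NetAdapter -Name $AdapterName -ErrorAction Stop
    Enable-NetAdapterBinding -Name $AdapterName -ComponentID $script:Ipv6ComponentId
    Get-NetAdapterBinding -Name $AdapterName -ComponentID $script:Ipv6ComponentId
}

function Disable-IPV6AllAdapter {
    # Record which adapters had IPv6 enabled so the change can be rolled back later.
    $before = Show-IPV6enabledAdapters
    Disable-NetAdapterBinding -Name '*' -ComponentID $script:Ipv6ComponentId
    # Anything still listed here did not take the change and needs a manual look.
    $remaining = Show-IPV6enabledAdapters
    [pscustomobject]@{
        PreviouslyEnabled = @($before.Name)
        StillEnabled      = @($remaining.Name)
    }
}
```

Before disabling IPv6 on a production or PCN host, check that nothing on it depends on IPv6, and keep the `PreviouslyEnabled` list so the bindings can be restored once the update is installed.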
## References
* https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
* https://securityvulnerability.io/vulnerability/CVE-2024-38063
## Disclaimer
This document is intended for informational purposes only and does not create any legal obligations or guarantees. For detailed guidance, please consult the official Microsoft documentation and advisories.
File snapshot
[4.0K] /data/pocs/68e5f9fc5da3a4f349e6f7f87b4506fbe3a5e618
├── [1.0K] LICENSE
└── [2.9K] README.md
0 directories, 2 files