Update Windows now, there are some worrying security hacks coming
If you haven’t installed the Windows security patches in the latest cumulative Patch Tuesday update, you’ll need to act fast. Experts have released a proof-of-concept (PoC) for a serious vulnerability that could allow criminals to launch remote code execution (RCE) attacks.
The vulnerability in question, which was fixed in the latest update dated August 13, is tracked as CVE-2024-38063 and has a severity score of 9.8 (critical).
It is described as a Windows TCP/IP RCE vulnerability: an unauthenticated attacker can repeatedly send specially crafted IPv6 packets until they hit a vulnerable endpoint, with no user interaction required.
Fixing the Defect
The only workaround is to disable IPv6 and just use IPv4, which, as you can imagine, isn’t ideal for many users. When the bug was discovered, Microsoft said that Windows 10, 11, and Server versions were vulnerable, but that no one had yet exploited it. Still, given the severity of the flaw and the ease with which it could be exploited, Microsoft said it was “more likely” that it would happen sooner rather than later. Now we know it was sooner rather than later.
A white-hat hacker known as Ynwarcs released a PoC stating that “the easiest way to reproduce the vulnerability is to use bcdedit /set debug on on the target system and reboot the machine/VM”.
“This breaks the default network adapter driver kdnic.sys, which is very fond of concatenating packets. If you try to reproduce the vulnerability on a different setup, you will need to put the system in a position where it will concatenate the packets you sent.”
Delaying patches (or simply ignoring them) is one of the biggest causes of cyberattacks and data breaches. Sometimes the delay is justified, as patches have been known to break entire systems and cause chaos (think of the recent CrowdStrike update failure). In this case, installing the patch is highly recommended, as it has not been reported to cause any major issues.
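The two defensive steps the article recommends, confirming the August 13 update is installed and, where it is not, disabling IPv6 as the interim workaround, can be scripted from an elevated PowerShell prompt. The following is an added example written for this page, not code from the article, from Ynwarcs or from Microsoft. It uses the standard Get-HotFix and NetAdapter cmdlets; the KB number is a placeholder because the article does not state one, so replace it with the KB of the August 2024 cumulative update for your OS build.

```powershell
# Added example (not from the article, from Ynwarcs or from Microsoft).
# Audits patch status for CVE-2024-38063 and which adapters still bind IPv6,
# and only disables IPv6 when explicitly asked with -DisableIPv6.
# Run in an elevated PowerShell session on Windows 10/11 or Windows Server.
param(
    [switch]$DisableIPv6,            # apply the workaround; default is audit only
    [string]$PatchKB = 'KBXXXXXXX'   # PLACEHOLDER: the article gives no KB number
)

# 1. Patch status. Get-HotFix lists installed updates; if the KB is absent the
#    machine is most likely still running the unpatched TCP/IP stack.
$patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)
if ($patched) {
    Write-Host "Update $PatchKB is installed; the IPv6 workaround is not needed."
} else {
    Write-Warning "Update $PatchKB not found. Install the August 13, 2024 cumulative update."
}

# 2. IPv6 binding audit. ms_tcpip6 is the component ID of the IPv6 protocol
#    binding on each network adapter.
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6
$bindings | Select-Object Name, Enabled | Format-Table -AutoSize

$exposed = @($bindings | Where-Object { $_.Enabled })
if ($exposed.Count -eq 0) {
    Write-Host "IPv6 is already unbound on every adapter."
    return
}

# 3. Interim workaround from the article: disable IPv6 (fall back to IPv4) on
#    the adapters that still have it bound. Only done on explicit request and
#    only while the patch is missing.
if (-not $DisableIPv6) {
    Write-Host "Run again with -DisableIPv6 to unbind IPv6 from the adapters listed above."
} elseif ($patched) {
    Write-Host "System is patched; leaving IPv6 bindings unchanged."
} else {
    foreach ($b in $exposed) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6 -Confirm:$false
        Write-Host "Disabled IPv6 on adapter '$($b.Name)'."
    }
    Write-Host "After patching, restore with: Enable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6"
}
```

Unbinding ms_tcpip6 per adapter removes IPv6 from the physical interfaces, which is what the article's "disable IPv6 and just use IPv4" workaround means in practice; it is reversible with Enable-NetAdapterBinding once the update is applied, and the script deliberately refuses to change bindings when the KB is already present so the workaround does not outlive the fix.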
Via The Register