U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by […]

Microsoft Office zero-day

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled.

Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).

An unauthenticated attacker can exploit the flaw by repeatedly sending IPv6 packets, including specially crafted packets, to a Windows machine which could lead to remote code execution.

Microsoft confirmed that a threat actor can exploit this flaw in a low-complexity attack and its exploitability assessment labels the issue as “exploitation more likely.” This label suggests that Microsoft is aware of past instances of this type of vulnerability being exploited.

Kunlun Lab’s XiaoWei discovered the flaw several months ago, he urged customers to apply the patches because the “exploitation is more likely.”

The flaw is a buffer overflow issue that can be exploited to achieve arbitrary code execution on vulnerable Windows 10, Windows 11, and Windows Server systems.

XiaoWei pointed out that blocking IPv6 on the local Windows firewall cannot prevent the exploitation of the issue because the vulnerability is triggered before it is processed by the firewall.

Microsoft recommends disabling IPv6 as a mitigation measure.

The issue was addressed by Microsoft with the release of Patch Tuesday security updates for August 2024 that also fixed the following actively exploited flaws:

CVETitleSeverityCVSSPublicExploitedType
CVE-2024-38189Microsoft Project Remote Code Execution VulnerabilityImportant8.8NoYesRCE
CVE-2024-38178Scripting Engine Memory Corruption VulnerabilityImportant7.5NoYesRCE
CVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38106Windows Kernel Elevation of Privilege VulnerabilityImportant7NoYesEoP
CVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38213Windows Mark of the Web Security Feature Bypass VulnerabilityModerate6.5NoYesSFB

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TCP/IP)