Update Windows now, there are some worrying security hacks on the way
Experts warn of PoC for a critical severity Windows OS flaw
If you haven’t installed the security patches for Windows in the latest Patch Tuesday cumulative update, you should probably hurry, as experts have released a proof-of-concept (PoC) for a critical severity flaw allowing crooks to mount remote code execution (RCE) attacks.
The vulnerability in question, which was addressed in the latest update, released on August 13, is tracked as CVE-2024-38063, and has a severity score of 9.8 (critical).
It is described as a Windows TCP/IP RCE flaw, in which an unauthenticated user could spam specially crafted IPv6 packets until they discover a vulnerable endpoint.
Patching the flaw
The only workaround is to disable IPv6 and just use IPv4 which, as you might imagine, isn’t ideal for many users. At the time the bug was discovered, Microsoft said that Windows 10, 11, and Server versions were vulnerable, but that no one abused it yet. Still, given the severity of the flaw and the ease at which it might be exploited, Microsoft said it was “more likely” that it would start happening sooner or later. Now we know it was sooner, rather than later.
A white-hat hacker alias Ynwarcs released a PoC, saying “the easiest way to reproduce the vuln is by using bcdedit /set debug on on the target system and restarting the machine/VM”.
"This makes the default network adapter driver kdnic.sys, which is very happy to coalesce packets. If you're trying to reproduce the vuln on a different setup, you'll need to get the system in a position where it will coalesce the packets you sent."
Stalling with patches (or outright ignoring them) is one of the bigger causes of many cyberattacks and data breaches. Sometimes it’s justified, as patches were known to break entire systems and cause havoc (just remember the snafu from the faulty CrowdStrike update recently). In this case, since the patch was not reported to be causing any major issues, installing it is very much advised.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via The Register
More from TechRadar Pro
- One of Microsoft’s biggest Windows 11 updates yet brought a massive number of security flaw fixes
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.