CVE-2024-38063 - Windows TCP/IP Remote Code Execution Vulnerability. A BSOD can lead to RCE, while my code only causes a BSOD. I am continuously analyzing the patch and testing in order to achieve RCE on the target system.
- Added SYN FLOOD and ICMP FLOOD attacks
To limit spoofed-source (D)DoS traffic, Windows restricts what user-mode programs may do with raw IP sockets: TCP segments cannot be sent over them, and neither can packets carrying a forged source address. For this reason, I opted to use Linux to develop my proof-of-concept. Linux does allow users to construct and send raw layer 2 and layer 3 packets, but opening such a socket requires the CAP_NET_RAW capability, so in practice the Python script must be run as root.
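The following is an added example, not the repository's PoC and not a CVE-2024-38063 trigger. It shows the layer 2/3 plumbing the paragraph above refers to: building a complete IPv6 header plus an ICMPv6 Echo Request by hand (including the checksum over the IPv6 pseudo-header), and the Linux AF_PACKET send path that is the reason the script needs CAP_NET_RAW. The source address `fe80::1`, the interface name taken from the command line, and the payload are assumptions for the demonstration.

```python
"""Raw IPv6 packet construction, as an added example (not the repository's PoC).

Builds an IPv6 header plus an ICMPv6 Echo Request, including the checksum over
the IPv6 pseudo-header, and shows the Linux AF_PACKET send path that needs
CAP_NET_RAW. It deliberately does NOT implement any CVE-2024-38063 trigger.
"""
import os
import socket
import struct
import sys

IPPROTO_ICMPV6 = 58          # IPv6 Next Header value for ICMPv6
ICMPV6_ECHO_REQUEST = 128    # ICMPv6 message type
ETHERTYPE_IPV6 = b"\x86\xdd"


def icmpv6_checksum(src: bytes, dst: bytes, message: bytes) -> int:
    """RFC 8200 s8.1 / RFC 4443 s2.3: ones'-complement sum over the pseudo-header
    (src, dst, 32-bit upper-layer length, 3 zero bytes, next header) followed by
    the ICMPv6 message. Call with the message's checksum field zeroed."""
    pseudo = src + dst + struct.pack("!I", len(message)) + b"\x00\x00\x00" + bytes([IPPROTO_ICMPV6])
    data = pseudo + message
    if len(data) % 2:
        data += b"\x00"                      # pad odd length for 16-bit summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(src: str, dst: str, ident: int, seq: int,
                       payload: bytes, hop_limit: int = 64) -> bytes:
    """Return the wire bytes of an IPv6 packet carrying an ICMPv6 Echo Request."""
    src_b = socket.inet_pton(socket.AF_INET6, src)
    dst_b = socket.inet_pton(socket.AF_INET6, dst)
    # type, code, checksum placeholder, identifier, sequence number
    icmp = struct.pack("!BBHHH", ICMPV6_ECHO_REQUEST, 0, 0, ident, seq) + payload
    csum = icmpv6_checksum(src_b, dst_b, icmp)
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    # Fixed 40-byte IPv6 header: version=6, traffic class=0, flow label=0,
    # payload length, next header, hop limit, source, destination.
    ipv6_hdr = struct.pack("!IHBB", 6 << 28, len(icmp), IPPROTO_ICMPV6, hop_limit) + src_b + dst_b
    return ipv6_hdr + icmp


def verify_checksum(packet: bytes) -> bool:
    """Re-run the checksum over a packet built above with the checksum field
    left in place: a correct checksum makes the result 0."""
    return icmpv6_checksum(packet[8:24], packet[24:40], packet[40:]) == 0


def ipv6_multicast_mac(dst: str) -> bytes:
    """RFC 2464 s7: an IPv6 multicast address maps to MAC 33:33 + its low 32 bits."""
    return b"\x33\x33" + socket.inet_pton(socket.AF_INET6, dst)[-4:]


def send_frame(ifname: str, packet: bytes) -> None:
    """Emit the packet inside an Ethernet frame via an AF_PACKET socket (Linux only).
    Opening that socket needs CAP_NET_RAW, which is why the PoC must run as root.
    Only multicast destinations are handled here, because a unicast destination
    would need Neighbor Discovery to resolve the MAC."""
    dst_b = packet[24:40]
    if dst_b[0] != 0xFF:
        raise ValueError("only multicast destinations are handled (no NDP resolution)")
    if os.geteuid() != 0:
        raise PermissionError("raw sockets require root / CAP_NET_RAW on Linux")
    with open(f"/sys/class/net/{ifname}/address") as f:
        src_mac = bytes.fromhex(f.read().strip().replace(":", ""))
    dst_mac = ipv6_multicast_mac(socket.inet_ntop(socket.AF_INET6, dst_b))
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        s.send(dst_mac + src_mac + ETHERTYPE_IPV6 + packet)


if __name__ == "__main__":
    # Constructed sample: all-nodes multicast echo from an assumed link-local source.
    pkt = build_echo_request("fe80::1", "ff02::1", 0x1234, 1, b"v6disc-demo")
    print(pkt.hex())
    print("checksum ok:", verify_checksum(pkt))
    if len(sys.argv) > 1:                    # e.g. sudo python3 ipv6_raw.py eth0
        send_frame(sys.argv[1], pkt)
```

Run without arguments it only builds and checks the packet; with an interface name it needs root, exactly the constraint described above. Keeping the pure packet-building functions separate from `send_frame` is what lets the checksum logic be tested without privileges.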
CVE-2024-38063 is a critical remote code execution (RCE) vulnerability in the Windows TCP/IP stack. It stems from improper handling of IPv6 packets in the kernel-mode driver tcpip.sys, which Microsoft classifies as an integer underflow (CWE-191), and it can be reached by an unauthenticated attacker over the network.
- CVE ID: CVE-2024-38063
- CVSS Score: 9.8 (Critical)
- Impact: Remote Code Execution
- Affected Components: Windows TCP/IP stack
- Exploitation Vector: Network (Remote), no authentication or user interaction required
An attacker exploits CVE-2024-38063 by repeatedly sending specially crafted IPv6 packets to a target machine. The mishandled packets corrupt memory inside the TCP/IP driver; because tcpip.sys executes in kernel mode, successful exploitation yields code execution at kernel privilege, while the more readily achieved outcome is a kernel crash (BSOD). The result can be denial of service, unauthorized access, data breaches, or complete system compromise.
This vulnerability affects all supported versions of Windows, including:
- Windows 10
- Windows 11
- Windows Server 2016, 2019, and 2022 (including Server Core installations)
This script automatically discovers IPv6 hosts on a specified network interface and optionally pings them. It handles the different ways IPv6 addresses are assigned, including SLAAC (Stateless Address Autoconfiguration), DHCPv6, and RFC 7217 stable opaque addresses. The script can also perform dual-stack discovery (IPv4 and IPv6) and scan hosts using nmap.
- IPv6 Host Discovery: Automatically discovers IPv6 hosts on the specified interface.
- SLAAC, DHCPv6, and RFC 7217 Support: Handles various IPv6 address types.
- Ping Option: Optionally pings discovered hosts to verify connectivity.
- Dual Stack: Can show both IPv4 and IPv6 addresses.
- Nmap Integration: Option to scan hosts using nmap.
- Quiet Mode: Suppress output except for the discovered hosts.
- Avahi/Bonjour Support: mDNS (Multicast DNS) support for host discovery.
- Link-Local Discovery: Option to discover link-local addresses only.
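The address handling listed above, as an added example that is not v6disc's own code: how a SLAAC (EUI-64) address is formed from a MAC, how the MAC is recovered from such an address (the step that makes OUI-based vendor lookup possible), the solicited-node multicast group a host joins, and an RFC 7217-style stable opaque address for contrast. The MAC `00:11:22:33:44:55`, the prefixes, the interface name `eth0` and the secret are constructed sample inputs; the RFC 7217 function uses an assumed PRF (SHA-256 truncated to 64 bits) and will not reproduce any real operating system's output.

```python
"""IPv6 address derivations used when discovering and classifying hosts.

Added example, not v6disc's own code: SLAAC (EUI-64) address formation, MAC
recovery from an EUI-64 IID, solicited-node multicast, and an RFC 7217-style
stable opaque IID for contrast.
"""
import hashlib
import ipaddress
from typing import Optional


def eui64_iid(mac: str) -> bytes:
    """RFC 4291 Appendix A: flip the U/L bit (0x02 of the first octet) and
    insert ff:fe between the OUI and the NIC-specific part."""
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix (/64) + EUI-64 IID, e.g. fe80::/64 for the link-local address."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 requires a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_iid(mac))


def mac_from_eui64(addr: str) -> Optional[str]:
    """Inverse of the above: if the IID carries the ff:fe marker, recover the MAC;
    otherwise (DHCPv6, RFC 7217, privacy or manual addresses) return None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in m)


def solicited_node_multicast(addr: str) -> ipaddress.IPv6Address:
    """RFC 4291 s2.7.1: ff02::1:ffXX:XXXX built from the low 24 bits of the address."""
    low = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 8 + b"\x00\x01\xff" + low)


def stable_opaque_address(prefix: str, net_iface: str, network_id: bytes,
                          dad_counter: int, secret_key: bytes) -> ipaddress.IPv6Address:
    """RFC 7217-style IID = F(Prefix | Net_Iface | Network_ID | DAD_Counter | secret_key).
    F and the field encoding are the implementer's choice (assumed here: SHA-256
    truncated to 64 bits), so the output is stable per prefix but will not match
    what Linux or Windows generate."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    msg = (net.network_address.packed[:8] + net_iface.encode() + network_id
           + bytes([dad_counter & 0xFF]) + secret_key)
    iid = hashlib.sha256(msg).digest()[:8]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                              # constructed sample MAC
    ll = slaac_address("fe80::/64", mac)
    print("SLAAC link-local:", ll)                         # fe80::211:22ff:fe33:4455
    print("recovered MAC:   ", mac_from_eui64(str(ll)))    # 00:11:22:33:44:55
    print("solicited-node:  ", solicited_node_multicast(str(ll)))  # ff02::1:ff33:4455
    print("RFC 7217-style:  ", stable_opaque_address("2001:db8::/64", "eth0", b"", 0, b"secret"))
```

The practical point for a discovery tool: only EUI-64 addresses expose the MAC, so vendor resolution via the OUI database works for SLAAC hosts and returns nothing for DHCPv6, privacy or RFC 7217 addresses unless the MAC is learned from the link layer instead.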
Dependencies:
- ip command (or ifconfig for BSD/macOS compatibility)
- ping6 or the unified ping command (modern Linux)
- nmap (optional, for scanning hosts)
- avahi-utils (optional, for mDNS)
- wireshark_oui.gz (optional, for resolving MAC addresses to manufacturers)
```shell
git clone https://github.com/cvmiller/v6disc
```
Microsoft released security patches for this vulnerability as part of the August 2024 Patch Tuesday (13 August 2024). Apply them immediately; the flaw is reachable by an unauthenticated attacker over the network.
- Disable IPv6: If IPv6 is not required in your environment, consider disabling it to reduce the attack surface. Microsoft's advisory lists this as the only workaround, since the vulnerable code path is reached only via IPv6; treat it as a stop-gap until patched, because IPv6 is enabled by default on Windows and some features depend on it.
- Apply Security Updates: Ensure that all systems are updated with the latest security patches from Microsoft.
- Windows Update: Go to Settings > Update & Security > Windows Update (on Windows 11, Settings > Windows Update) and check for updates.
- WSUS: Use Windows Server Update Services (WSUS) to deploy updates across your network.
- Manual Installation: Download the patches from the Microsoft Update Catalog and install them manually.
- Microsoft Security Advisory for CVE-2024-38063
- Tenable Security Response Team - August 2024 Patch Tuesday
- CVE Details and Mitigation
This document is provided for informational purposes only and does not constitute any legal obligation or warranty. Please refer to the official Microsoft documentation and advisory for comprehensive guidance.