CVE-2021-26424 | MSRC Compact Detail

Severity

n/a

Impact

n/a

CVSS

n/a base · n/a temporal

Release

2021-08-10

Signals

Windows TCP/IP Unknown impact Exploited: No Publicly disclosed: No Exploitability: Exploitation More Likely

CWE

No CWE data published.

Patch Diff

Loading module diff metadata...

Resolved binary override

Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.

Old version New version

Description

No description was published by MSRC.

FAQ / Articles

FAQ

How could an attacker exploit this vulnerability? This vulnerability is remotely triggerable by a malicious Hyper-V guest that sends an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets. Is this attack specific to Hyper-V or applicable to all hypervisor technologies? This attack is specific to Hyper-V. Systems that do not have Hyper-V installed are not at risk. Will disabling IPV6 mitigate this vulnerability? Yes. Disabling IPV6 will block the threat vector. See Guidance for configuring IPv6 in Windows for advanced users for instructions for disabling IPV6.

MSRC Fields

Module / Tag

Windows TCP/IP

Release number

2021-Aug

Latest revision

2021-08-17

CNA

Microsoft

Customer action

required

Denial of service

N/A

CVSS Vector

n/a

References

MSRC

Official detail

CVE Record

CVE.org

Revision History

v1 · 2021-08-10

Information published.

v1.1 · 2021-08-17

Updated FAQ information. This is an informational change only.

CVE-2021-26424 · Windows TCP/IP Remote Code Execution Vulnerability