MSRC compact vulnerability detail

CVE-2024-38063 · Windows TCP/IP Remote Code Execution Vulnerability

No description was published by MSRC.

Severity
Critical
Impact
Remote Code Execution
CVSS
9.8 base · 8.5 temporal
Release
2024-08-13
Signals
Windows TCP/IP Remote Code Execution · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation More Likely
CWE
FAQ / Articles
Mitigation
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

Systems are not affected if IPv6 is disabled on the target machine.
FAQ
How could an attacker exploit this vulnerability?

An unauthenticated attacker could repeatedly send IPv6 packets, including specially crafted packets, to a Windows machine, which could enable remote code execution.
FAQ
Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.