On August 13, 2024, Microsoft disclosed a variety of vulnerabilities, including one for a critical remote code execution (RCE) vulnerability in the IPv6 subsystem for Windows. Microsoft has released patches to address these vulnerabilities.
An unauthenticated attacker could repeatedly send IPv6 packets to a vulnerable machine that if exploited, could allow for remote code execution (RCE) as the SYSTEM user.
All supported versions of Windows are affected, including 32-bit, 64-bit, home, and server.
For a specific list of operating systems, please review the Security Updates section of the vulnerability report from the Microsoft Security Response Center.
The UISO has not observed local attacks exploiting this vulnerability. Given the ubiquitous usage of Windows with IPv6 enabled by default, the UISO expects threat actors to weaponize this vulnerability quickly.
The UISO recommends applying the patch provided by Microsoft as soon as possible. If you are unable to patch this vulnerability, please disable IPv6 on devices you manage.
