Windows exposes serious security bugs again, can be hacked through IPV6 without user authentication
On August 14th, according to Microsoft's official disclosure, Windows system has recently exposed a serious security bugs, numbered CVE-2024-38063, which affects all supported Windows versions, including Windows11, Windows10 and multiple versions of WindowsServer. The vulnerability has a CVSS3.1 score of 9.8, which belongs to the "important" level. Attackers can remotely invade devices through specially crafted IPv6 data packets and execute arbitrary code. The vulnerability exists in the TCP/IP network stack of Windows and is a serious remote code execution vulnerability.
An attacker can trigger the vulnerability and remotely executable code by repeatedly sending specially crafted IPv6 data packets to Windows devices without user interaction or authentication. Microsoft strongly recommends that all users update to the latest version of Windows as soon as possible. Microsoft is releasing relevant patches to fix this vulnerability. Disabling IPv6 temporarily prevents the vulnerability from being exploited.