Update Windows now, there are some worrying security hacks on the way

Experts warn of PoC for a critical severity Windows OS flaw

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you haven’t installed the security patches for Windows in the latestPatch Tuesdaycumulative update, you should probably hurry, as experts have released a proof-of-concept (PoC) for a critical severity flaw allowing crooks to mountremote code execution(RCE) attacks.

The vulnerability in question, which was addressed in the latest update, released on August 13, is tracked as CVE-2024-38063, and has a severity score of 9.8 (critical).

It is described as a Windows TCP/IP RCE flaw, in which an unauthenticated user could spam specially crafted IPv6 packets until they discover a vulnerable endpoint.

Patching the flaw

The only workaround is to disable IPv6 and just use IPv4 which, as you might imagine, isn’t ideal for many users. At the time the bug was discovered,Microsoftsaid thatWindows 10, 11, and Server versions were vulnerable, but that no one abused it yet. Still, given the severity of the flaw and the ease at which it might be exploited, Microsoft said it was “more likely” that it would start happening sooner or later. Now we know it was sooner, rather than later.

A white-hat hacker alias Ynwarcs released a PoC, saying “the easiest way to reproduce the vuln is by using bcdedit /set debug on on the target system and restarting the machine/VM”.

“This makes the default network adapter driver kdnic.sys, which is very happy to coalesce packets. If you’re trying to reproduce the vuln on a different setup, you’ll need to get the system in a position where it will coalesce the packets you sent.”

Stalling with patches (or outright ignoring them) is one of the bigger causes of many cyberattacks and data breaches. Sometimes it’s justified, as patches were known to break entire systems and cause havoc (just remember the snafu from the faulty CrowdStrike update recently). In this case, since the patch was not reported to be causing any major issues, installing it is very much advised.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report