iNSIGHTNOW has observed a cyber incident on windows devices where adversaries were able to compromise the company system with TCP/IP remote code execution that impacts all Windows system with IPv6 enabled .
Brief Description
A security bug found recently tracked as CVE-2024-38063 is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that can be used to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems. The vulnerability would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target
iNSIGHTNOW would like to recommend to our customer to implement pre-emptive measures in order to prevent this cyber-attack disrupting your organization and business.
Impact
Possible remote access, personal data leakage, disruption of service, possible other IPv6 exploits (Ping of Death, Denial of Service, etc)
Why do you get this alert?
Microsoft has release a patch on Windows system and urge users to update the patch as soon as possible and label it as critical priority
iNSIGHTNOW Action
As of now, there are no IOC regarding CVE-2024-38063. We will continue our monitoring activity for this exploit and closely monitor any remote access from external IP in your network
Our team will monitor and inform the customer we detected any anomaly happen on your environment.
What you need to do?
It is advised to update the latest update on all windows devices or temporary disable IPv6 if an update could not be apply immediately
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063