We want to inform you about a severe vulnerability recently discovered, identified as CVE-2024-38063. This vulnerability affects all supported versions of Windows with IPv6 enabled. It allows remote code execution without any user interaction, posing a security risk to your Windows VPS, VDS, and dedicated servers.
Vulnerability Details:
- Name: CVE-2024-38063
- Type: Zero-click Remote Code Execution (RCE)
- Impact: Potential full system control by a remote attacker
- Affected Systems: All versions of Windows with IPv6 enabled
- Max Severity: Critical
Steps To Mitigate
Please make sure to carry out the following actions:
Apply the Patch: Microsoft has issued an urgent security patch. It is essential to update your systems promptly to prevent potential exploits. The patch was released by the microsoft on August 13, 2024.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Disable IPv6 (if not needed): If you do not use IPv6, we recommend temporarily disabling it until the patch is applied.
You can follow the How to disable IPv6 on Windows 10/11/2016/2019 and 2022? article to disable the IPv6 on Windows.
Monitor Network Traffic: Pay close attention to IPv6 traffic to identify any suspicious activities.
Conclusion
The CVE-2024-38063 vulnerability is a critical threat to Windows servers, especially if IPv6 is enabled. To protect your systems and infrastructure, we recommend disabling IPv6 and applying available patches from Microsoft.