CVERadar

CVE-2024-38063

Severity: Critical
Vendor: Microsoft
SVRS: 70/100
CVSSv3: 9.8/10
EPSS: 0.87183/1

CVE-2024-38063 is a critical remote code execution vulnerability in Windows TCP/IP. Exploiting this flaw could allow attackers to execute arbitrary code on affected systems.

This Windows TCP/IP vulnerability, known as CVE-2024-38063, allows for remote code execution, potentially giving attackers full control over a vulnerable machine. The CVSS score is a concerning 9.8. However, the SOCRadar Vulnerability Risk Score (SVRS) is 70, indicating a high, but not critical risk. Nevertheless, due to the 'In The Wild' tag, the existence of active exploits, and a vendor advisory, immediate patching is advised. This vulnerability arises from an integer overflow (CWE-191) within the TCP/IP stack. Successful exploitation could lead to complete system compromise. Applying the vendor-provided patch is essential to mitigate this risk.

Tags: In The Wild, Exploit Available, Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-04-15
2024-08-13
SOCRadar AI Insight

Description:

CVE-2024-38063 is a critical vulnerability in Windows TCP/IP that allows remote code execution. The vulnerability has a CVSS score of 9.8, indicating its high severity. SOCRadar's SVRS score of 56 highlights the urgency of addressing this threat.

Key Insights:

  • Active Exploitation: Active exploits have been published, indicating that hackers are actively exploiting the vulnerability.
  • High Impact: The vulnerability allows remote code execution, which could lead to complete system compromise.
  • Widely Used Software: Windows TCP/IP is a core component of Windows operating systems, making this vulnerability highly impactful.
  • Threat Actors: Specific threat actors or APT groups exploiting this vulnerability have not been identified.

Mitigation Strategies:

  • Apply Patches: Install the latest security updates from Microsoft to patch the vulnerability.
  • Disable TCP/IP: If patching is not immediately possible, disable TCP/IP on affected systems to prevent exploitation.
  • Use Network Segmentation: Implement network segmentation to limit the spread of potential attacks.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and implement intrusion detection systems to detect and block exploitation attempts.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Users with additional queries can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Windows TCP/IP - RCE Checker and Denial of Service | | 2024-08-28
almogopp/Disable-IPv6-CVE-2024-38063-Fix | https://github.com/almogopp/Disable-IPv6-CVE-2024-38063-Fix | 2024-08-20
Th3Tr1ckst3r/Denyv6 | https://github.com/Th3Tr1ckst3r/Denyv6 | 2024-09-02
Dragkob/CVE-2024-38063 | https://github.com/Dragkob/CVE-2024-38063 | 2024-11-16
KernelKraze/CVE-2024-38063_PoC | https://github.com/KernelKraze/CVE-2024-38063_PoC | 2024-09-01
proxykingdev/CVE-2024-38063 | https://github.com/proxykingdev/CVE-2024-38063 | 2024-08-16
p33d/cve-2024-38063 | https://github.com/p33d/cve-2024-38063 | 2024-08-18

News

www @ Savannah: Malware in Proprietary Software - Latest Additions
2025-04-08
The initial injustice of proprietary software often leads to further injustices: malicious functionalities. The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice. We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies
gnu.org
Comment on Watch Out For The ‘0.0.0.0 Day’ Zero-Day Flaw Affecting Web Browsers by jbl0
jbl0, 2025-04-01
Curious there's nothing on lhn re: CVE-2024-38063
latesthackingnews.com
ISC StormCast for Thursday, August 15th, 2024
Dr. Johannes B. Ullrich, 2024-08-15
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSI Malware; Windows IPv6 Vuln; Critical Ivanti Patch; Adobe Patches.
MSI Malware: https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
Microsoft IPv6 Vulnerability CVE-2024-38063: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 https://x.com/XiaoWei___/status/1823532146679799993/photo/1
Critical Ivanti Virtual Traffic Manager Patch CVE-2024-7593
sans.edu
ISC StormCast for Tuesday, August 20th, 2024
Dr. Johannes B. Ullrich, 2024-08-20
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Marshal Python Obfuscation; MacOS Entitlements and MSFT Apps; Digital Wallet Loophole; MSFT CVE-2024-38063 Update.
Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python: https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions: https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
sans.edu
ISC StormCast for Wednesday, August 21st, 2024
Dr. Johannes B. Ullrich, 2024-08-21
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT IPv6 Vuln Update; MSFT August update and Linux boot issues; php cgi-bin exploited; f5 updates.
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability: https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting: https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577: https://symantec-enterprise-blogs.security.com
sans.edu
ISC StormCast for Tuesday, August 27th, 2024
Dr. Johannes B. Ullrich, 2024-08-27
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated XWorm/Redline; Windows IPv6 PoC CVE-2024-38063.
From Highly Obfuscated Batch File to XWorm and Redline: https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit: https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability: https://github.com/juwenyi/CVE-2024-42992
sans.edu
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
2025-04-01
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
malwaretech.com

Social Media

  • CVE-2024-38063 lets unauthenticated attackers carry out remote code execution by "repeatedly sending: https://t.co/hn4rI4CuDC
  • CVE-2024-38063 (CVSS 9.8): Windows RCE Vulnerability Found in Pepperl+Fuchs HMI Devices https://t.co/FDbmAhBemg
  • CVE-2024-38063 (CVSS 9.8): Windows RCE Vulnerability Found in Pepperl+Fuchs HMI Devices https://t.co/BbkoUK1K8P
  • CVE-2024-38063 (CVSS 9.8): Windows RCE Vulnerability Found in Pepperl+Fuchs HMI Devices. Learn about the PEPPERL+FUCHS vulnerability that could allow remote code execution on HMI devices. Stay informed on CVE-2024-38063. https://t.co/ntXKEGN0SE
  • 🗣 CVE-2024-38063 (CVSS 9.8): Windows RCE Vulnerability Found in Pepperl+Fuchs HMI Devices https://t.co/tOar3ML2qK
  • @LazyTourer @baxiabhishek CVE-2024-38063 can lead to remote code execution if IPv6 configurations are overlooked on legacy systems that predominantly use IPv4.
  • @AdrianDittmann Windows TCP/IP Remote Code Execution Vulnerability Security Vulnerability: CVE-2024-38063 https://t.co/F1geCzG9Zf
  • Do you think that after EternalBlue there're no exploits to gain access to your Windows system? Then I have bad news for you. CVE-2024-38063 can lead to denial of service as well as remote code execution via specially crafted IPv6 packets. https://t.co/c6DoqTLVWF @three_cube https://t.co/W8KxKwd15M
  • Israel’s HYP faced major attacks this November: 1) A DDoS hit their CreditGuard product, as reported by @Jerusalem_Post. The threat actor remains unknown. 2) A BreachForums Threat Actor named "CornDB" claims to have exploited CVE-2024-38063, stealing 1.7 million records, which
  • @Jerusalem_Post Coincidence? Nah, if it was an actual DDoS, hacktivist groups would've rushed to claim the attacks in Telegram groups. But if you look at the second attack, it involves CVE-2024-38063, which is related to an IPv6 vulnerability on Windows. It could be that the threat actor was

Affected Software

Configuration 1

Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_11_21h2
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_11_22h2
OS | Microsoft | windows_10_22h2
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_11_23h2
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2022_23h2
OS | Microsoft | windows_server_2008
OS | Microsoft | windows_server_2019

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
WINDOWS TCP/IP REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

CWE Details

CWE ID | CWE Name | Description
CWE-191 | Integer Underflow (Wrap or Wraparound) | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
