Funnel overlay image

Blog | 3-minute Read

Microsoft IPv6: Protect your system against critical vulnerabilities

Ellis Southan

Threat Detection Engineer

Published: 26 September 2024

Microsoft’s August patch addresses a critical vulnerability in the Windows TCP/IP stack. We examine the threat and explain the simple way organisations can protect their systems against IPv6-based attacks.

In August, Microsoft released a security update for a critical vulnerability (CVE-2024-38063) in IPv6 in the Windows TCP/IP stack.

The flaw allows remote attackers to gain privileged access and execute malicious code. A vulnerability that poses serious threats to organisations and people.

In this blog, we’ll provide everything you need to know about the vulnerability and how you can protect your system.

The background

IPv6 in Windows TCP/IP stack has been subject to various vulnerabilities and exploitation in recent years.

So, what have been the causes?

Perhaps the main reason is that IPv6 is turned on by default in Windows, even if a network doesn’t use it.

This creates possible attack routes, especially since many organisations focus on securing IPv4 and ignore IPv6.

Furthermore, IPv6 has more complex protocols than IPv4, like Neighbour Discovery (NDP) and Router Advertisements (RA), all of which can be exploited.

Windows has long provided backward compatibility and legacy protocol support, which introduces additional vulnerabilities. For example, older IPv6 tunnelling protocols can be abused by attackers to bypass network security measures.

How the IPv6 vulnerability works

The vulnerability lies in the tcpip.sys driver, which manages network traffic in Windows.

When IPv6 is enabled, Windows attempts to process all incoming traffic using this protocol. Due to improper validation of incoming IPv6 packets, certain types of maliciously crafted packets can bypass security checks and execute arbitrary code on the system.

The packets trigger the flaw in the TCP/IP stack, bypassing normal security checks and allowing the malicious code to be executed​.

As this flaw can be exploited remotely, the attacker doesn’t need physical access to the machine. By sending specially constructed packets over the network, they’re able to gain the same privileges as the logged-in user, allowing them to take control of the system.

Which, obviously, poses a severe risk to your organisation.

The devastating potential of the IPv6 exploit

Once exploited, attackers can take over the compromised system, putting data, resources, and the entire system in serious jeopardy. The costs of which can be devastating to an organisation’s finances, operations, and reputation.

And with IPv6 being widely used and enabled by default on all Windows systems, it’s An exploit with the capacity to affect a great many users.

The attack is also scalable. There is no need for user interaction or direct physical access, which makes it a particularly attractive option for cybercriminals looking to launch widespread attacks.

Which is exactly why it’s imperative for organisations to act swiftly.

Mitigation: How to protect your system

Thankfully, Microsoft has released a patch for this vulnerability as part of their August 2024 Patch Tuesday report.

If you haven’t updated your systems yet, then we strongly advise immediate action.

In addition to applying the patch, Microsoft also advises the following action to further mitigate the risk:

Disable IPv6 if not required

This is the most effective solution. If your network does not rely on IPv6, disable it to close the vulnerability completely. Systems without IPv6 enabled are immune to this specific attack.

Final thoughts

The IPv6 vulnerability (CVE-2024-38063) underscores the importance of network security.

While it’s important for the growth of online activity to have these kinds of protocols enabled, we also need to be vigilant to the risks and challenges.

The critical nature of this vulnerability, combined with its ease of exploitation and potential for severe damage, highlights why addressing it promptly is essential.

Take the time to patch your systems, evaluate your use of IPv6, and ensure that your network is adequately protected from threats like this.

By doing so, you’ll safeguard your systems against future vulnerabilities and maintain a stronger security posture in an ever-evolving digital landscape.

Key takeaways

  • Microsoft patched a critical vulnerability (CVE-2024-38063) in Windows TCP/IP, enabling remote code execution.

  • The flaw allows attackers to exploit improperly validated IPv6 packets, bypassing security checks.

  • IPv6 is often ignored in favour of IPv4 security, despite being enabled by default in Windows.

  • Exploiting the flaw risks severe damage to systems, finances, and reputation.

  • Apply the patch and disable IPv6 if unused to mitigate the risk.

tag icon

Let's talk!

30-day free trials and flexible contracts

Book a free Discovery Call and learn more about our AI-powered security operations service, XDR Rapid Protect.

Get more information on:

  • 30-day free trials for new partnerships
  • Flexible, 30-day contracts (no lock-in)
  • Microsoft-funded proof of concepts
tag icon

Great protection starts here

Keep pace with the latest security threats

Sign up to receive the latest threat intelligence articles and reports from our SecOps team.

You’ll get:

  • Notifications of critical vulnerabilities
  • Recommendations to reduce your risk level
  • Expert advice to defend against new threats
Butterfly overlay image

Author

Ellis Southan

Threat Detection Engineer

Ellis has been working in security operations since 2017. He excels in incident analysis, security engineering, and cyber threat intelligence.

Butterfly overlay image

Got a question? Need more information?

Our expert team is here to help.