Patch Now! Windows IPv6 Flaw (CVE-2024-38063) PoC Released
A critical security vulnerability, identified as CVE-2024-38063, has been found in the IPv6 network stack of Windows 10/11 and Windows Server systems. This flaw allows for remote code execution without any user interaction by sending specially crafted packets to a target device. Microsoft has released security updates to address this issue, and users are urged to install these patches to mitigate the risk. Despite no current evidence of exploitation by hackers, a proof-of-concept (PoC) demonstrating how to exploit the vulnerability has been published on GitHub by a developer. The PoC is unstable but shows that the default network card driver, kdnic.sys, can be manipulated using the vulnerability. Users are advised to update their Windows systems or, if that's not possible, to disable IPv6 and use IPv4 instead. Windows Firewall configurations will not protect against this vulnerability since the attack compromises the database before reaching the firewall. CVEs: CVE-2024-38063 [View Article](https://securityexpress.info/patch-now-windows-ipv6-flaw-cve-2024-38063-poc-released/)