H-ISAC TLP White: Vulnerability Bulletin: Critical TCP/IP RCE on IPv6-Enabled Systems

On August 13, 2024, Microsoft released a patch for CVE-2024-38063, a critical Windows TCP/IP remote code execution vulnerability. The vulnerability, which carries a CVSS score of 9.8, arises from an integer underflow weakness. This flaw allows unauthenticated attackers to trigger buffer overflows and execute arbitrary code on Windows 10, Windows 11, and Windows Server systems.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272