Proof-of-Concept Exploit for Zero-Click Vulnerability Now Accessible to Public

August 27, 2024

A critical zero-click vulnerability in Windows TCP/IP, tracked as CVE-2024-38063, has been exposed to the public through a proof-of-concept (PoC) exploit. The PoC exploit code was released on GitHub by a security researcher known as 'Ynwarcs', following an initial discovery of the flaw by XiaoWei of Kunlun Lab.

This vulnerability is a remote code execution flaw that impacts all Windows systems with IPv6 enabled. It allows threat actors to exploit Windows 10, Windows 11, and Windows Server systems without requiring any user interaction. The availability of the PoC exploit code on GitHub not only provides a learning resource for developers and researchers but also potentially makes it easier for malicious actors to take advantage of the vulnerability.

In response to this situation, Microsoft has urged users to promptly apply the latest security updates to mitigate the potential threats posed by this flaw. Organizations that run Windows systems with IPv6 are advised to apply patches immediately and to keep a close eye on any unusual IPv6 packet activity.

Related News

• Critical Zero-Click Windows TCP/IP RCE Vulnerability Affects All IPv6-Enabled Systems: Urgent Patch Needed

Latest News

• Critical Atlassian Confluence Flaw Exploited for Cryptojacking
• Iranian Hackers Collaborate with Ransomware Gangs for Extortion
• APT-C-60 Group Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
• Unprotected LLM Servers Expose Sensitive Corporate and Health Data
• Windows 'Downdate' Tool Allows Downgrade Attacks on Updated Systems