Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
1 Min Read
Source: Ascannio via Alamy Stock Photo
A security researcher named "Ynwarcs" has published analysis of a proof-of-concept exploit code for a critical zero-click vulnerability in Windows TCP/IP.
The vulnerability is tracked as CVE-2024-38063, and is a remote code execution flaw that affects all Windows systems that have IPv6 enabled.
Originally discovered by XiaoWei of Kunlun Lab, CVE-2024-38063 can be exploited by threat actors on Windows 10, Windows 11, and Windows Server systems, requiring no user interaction.
Ynwarcs has released a PoC exploit code for the flaw, which is now available on GitHub and for developers and researchers to study, but this also makes it more likely that bad actors will take advantage of the vulnerability.
Microsoft has encouraged users to apply the latest security updates available as soon as possible to mitigate the potential threats of the flaw. Organizations running Windows systems IPv6 should apply patches immediately and monitor any unusual IPv6 packet activity.
About the Author
You May Also Like
More Insights
