Remote code execution affecting IPv6 in Windows products.

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

1:00pm, 16 August 2024

TLP Rating: Clear

Remote code execution affecting IPv6 in Windows products.

A critical vulnerability is impacting IPv6 in Windows 10, Windows 11, and Windows Server.

 

What's happening

Systems affected

The vulnerability impacts Windows 10, Windows 11, and Windows Server. 

The vulnerability requires IPv6 to be enabled. 

What to do

Prevention

Update to the latest version.  
 
Update version numbers and more details on how to do the updates are on the Microsoft website (see the More Information section below)  

Mitigation

Disabling IPv6 prevents the system from being affected. 
 
More information on how to mitigate the vulnerability is on the Microsoft website (see the More Information section below). 

More information

Microsoft's page on the vulnerability. 
CVE-2024-38063 - Security Update Guide - Microsoft - Windows TCP/IP Remote Code Execution Vulnerability  External Link
 
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ. 
Report an incident to CERT NZ