Remote code execution in Microsoft Windows TCP/IP

1) Integer underflow

EUVDB-ID: #VU95842

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2024-38063

CWE-ID: CWE-191 - Integer underflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in Windows TCP/IP. A remote attacker can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.4780, 10 22H2 10.0.19045.4529, 10 22H2 10.0.19045.4780, 10 1507 10.0.10240.20751, 10 1607 10.0.14393.7259, 10 1809 10.0.17763.6189, 11 21H2 10.0.22000.3147, 11 22H2 10.0.22621.4037, 11 23H2 10.0.22631.4037

Windows Server: before 2008 R2 6.1.7601.27277, 2008 6.0.6003.22825, 2012 R2 6.3.9600.22134, 2012 6.2.9200.25031, 2016 10.0.14393.7259, 2022 10.0.20348.2655

CPE2.3

• cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38063

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.