Microsoft addresses a high-severity flaw in Windows TCP/IP stack enabling remote code execution without authentication. Unpatched systems face significant risk.
Microsoft has released critical patches for CVE-2024-57804, a remote code execution vulnerability affecting multiple Windows versions. Attackers exploiting this flaw could gain full system control without user interaction. Immediate patching is required.
Affected Systems
- Windows 10 versions 21H2 and 22H2
- Windows 11 versions 21H2, 22H2, and 23H2
- Windows Server 2019
- Windows Server 2022 Unsupported Windows versions may also be vulnerable.
Technical Analysis
The vulnerability resides in the Windows TCP/IP networking stack. Attackers can trigger it by sending specially crafted IPv6 packets to exposed systems. Successful exploitation bypasses authentication entirely. This allows arbitrary code execution at the kernel level. Network-accessible devices are primary targets.
Microsoft assigned a CVSS v3.1 score of 8.8 (High). The attack vector is network-based. Complexity is low. No privileges or user action are needed. Impact is complete system compromise.
Mitigation Steps
- Install June 2024 security updates immediately via Windows Update or Microsoft Update Catalog
- Verify patch installation using KB5039212 for Windows 11 23H2 or KB5039211 for Windows 10 22H2
- Block TCP port 445 at firewalls to reduce exposure
- Enable automatic updates for enterprise systems
Timeline
- Vulnerability reported: April 15, 2024
- Patch released: June 11, 2024
- Public disclosure: June 11, 2024
Review the Microsoft Security Advisory for technical details. The Security Update Guide provides broader patch information. Organizations should prioritize this update due to exploit likelihood.
Comments
Please log in or register to join the discussion