Microsoft warns of a critical remote code execution flaw in Windows TCP/IP stack allowing unauthenticated attackers to compromise systems via specially crafted packets.
Microsoft has issued an emergency security alert for CVE-2025-68729, a critical remote code execution vulnerability in Windows TCP/IP stack implementation. This flaw affects all supported Windows client and server versions. Attackers can exploit it without authentication by sending malicious network packets.
Severity Rating: CVSS v3.1 score 9.8 (Critical)
Affected Products:
- Windows 11 versions 22H2 and 23H2
- Windows 10 versions 21H2 and 22H2
- Windows Server 2022
- Windows Server 2019
Technical Analysis: The vulnerability resides in how Windows processes IPv6 routing headers. Malformed packets trigger memory corruption errors. Exploitation enables full system control. No user interaction is required. Attacks can originate from local networks or the internet.
Mitigation Steps:
- Apply Microsoft's emergency update via Windows Update
- Block TCP ports 139/445 at network perimeter
- Enable Windows Defender Firewall with strict inbound rules
Timeline:
- Vulnerability discovered: April 2025
- Coordinated disclosure: May 13, 2025
- Patches released: May 13, 2025 Patch Tuesday
Microsoft confirms active exploitation attempts detected. System administrators should prioritize patching internet-facing systems immediately. For technical details, reference the Microsoft Security Update Guide.
Comments
Please log in or register to join the discussion