Security News > 2024 > August > New Windows IPv6 Zero-Click Vulnerability
2024-08-16 11:07
As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets.
Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an "Exploitation more likely" label, which means that threat actors could create exploit code to "Consistently exploit the flaw in attacks."
News URL
https://www.schneier.com/blog/archives/2024/08/new-windows-ipv6-zero-click-vulnerability.html
Related news
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Proof-of-concept code released for zero-click critical IPv6 Windows hole (source)