Zeroclick

Blog

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that…