Microsoft issued a critical warning on Tuesday urging users to patch a TCP/IP vulnerability affecting all default IPv6-enabled Windows systems.
Discovered by Kunlun Lab's XiaoWei and identified as CVE-2024-38063, the flaw stems from an Integer Underflow weakness, enabling attackers to exploit buffer overflows and execute arbitrary code on vulnerable Windows 10, 11, and Server systems.
Despite recommendations against disabling IPv6 due to system functionality dependencies, Microsoft emphasized the urgent need for patching to mitigate remote exploitation risks posed by this highly exploitable vulnerability.
