Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063)

A critical security vulnerability identified as CVE-2024-38063 has been discovered in the Windows TCP/IP stack, affecting all supported versions of Windows and Windows Server, including Server Core installations. This vulnerability allows remote code execution (RCE) without user interaction, classifying it as a zero-click exploit.

The flaw, which Microsoft has rated as critical with a CVSS score of 9.8, can be exploited through specially crafted IPv6 packets. An attacker could gain SYSTEM-level access, allowing full control over the affected system. Due to its severity, Microsoft has urged all users to apply the released security patches immediately. Disabling IPv6 is also recommended if it is not essential, as this could mitigate the attack vector.

(see CVE-2024-38063 for details)