CVE-2024-38063: The End of IPv6 as we know it or not a big deal?
Microsoft released a fix for CVE-2024-38063, a vulnerability affecting IPv6, as part of its monthly patch day. The vulnerability may allow attackers to gain full system access without user interaction, and Microsoft assigned it a CVSS score of 9.8.
In particular, Microsoft’s recommendation to disable IPv6 and its vague description of the vulnerability raised eyebrows. Past guidance from Microsoft specifically warned against disabling IPv6.
In this brief update, we will cover how to disable IPv6 without breaking your system and review past IPv6 vulnerabilities to help understand how this vulnerability may manifest.
Learn more about
SANS Internet Storm Center: https://isc.sans.edu
SANS Institute: https://www.sans.org
Dr. Johannes Ullrich is the Dean of Research for SANS Technology Institute, a SANS Faculty Fellow, founder of the Internet Storm Center (DShield.org), and host of the SANS Internet Storm Center Daily Stormcast, a daily podcast that provides a brief 5-minute summary of current network security related events. Learn more about Dr. Ullrich: https://www.sans.org/profiles/dr-johannes-ullrich
Views : 2619
ipv6
