漏洞概述
该漏洞允许远程攻击者在目标系统上执行任意代码。
该漏洞的存在是由于 Windows TCP/IP 中的整数下溢。
远程攻击者可以向受影响的应用程序发送特制请求,触发整数下溢并在目标系统上执行任意代码。
成功利用此漏洞可能会导致易受攻击的系统完全受到攻击。
漏洞编号:CVE-2024-38063发酵时间:2024.08.13漏洞细节:未公开漏洞类型:远程代码执行威胁等级:严重参考文章:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
漏洞细节
借助该漏洞攻击者向目标设备发送特制的 IPv6 数据包即可触发远程代码执行,目前关于该漏洞还没有太多细节,但微软提到禁用 IPv6 后可以缓解漏洞,因为禁用后该漏洞将无法利用。
注:未经身份验证的攻击者可以重复向 Windows 计算机发送 IPv6 数据包(其中包括特制数据包),从而启用远程代码执行。
整数下溢:指在计算机程序中对整数进行运算时,结果小于整数类型所能表示的最小值,导致溢出的情况。
# 错误代码示例int a = 5, b = 6;size_t len = a - b;char buf[len];
影响版本
Windows 11 Version 24H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems
修复方案
原文始发于微信公众号(诸葛安全):【漏洞预警】Windows TCP/IP 远程代码执行漏洞(CVE-2024-38063)
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论