advertisement
X-twitter Facebook Instagram Linkedin Youtube Spotify
Facebook
X
LinkedIn
WhatsApp
Reddit

Update Windows ASAP to avoid network takeover say experts

  • Security researchers are urging organisations and users to update and patch out a critical vulnerability in Microsoft Windows PC operating systems.
  • The vulnerability can be exploited by criminals to gain control of a company’s network.
  • Microsoft is urging organisations and users to update and patch out the vulnerability immediately.

On Tuesday Microsoft revealed a critical vulnerability in the way Windows handles internet protocols, a vulnerability security experts are now saying demands urgent attention and an update.

Among a list of 88 vulnerabilities, one in particular – CVE-2024-38063 – stands out because of the potential for criminals to exploit it and the consequences this may have on networks around the world.

As SecurityOnline.info explains, CVE-2024-38063 is a remote code execution when handling IPv6 or modern internet traffic. Microsoft assigned the vulnerability it found in this execution a severity of 9.8 out of 10, indicating a critical nature.

“The vulnerability is particularly concerning because it exists within TCP/IP, a fundamental protocol suite that underpins the Internet. TCP/IP facilitates communication across diverse networks, and any disruption or exploitation within this core component could have widespread consequences,” the publication’s security experts explain.

“Although CVE-2024-38063 is not currently under active exploitation, its potential for damage is significant.”

It was first discovered and brought to Microsoft’s attention by researchers at Kunlun Labs, and when it was revealed it “led to widespread concern within the cybersecurity community.”

Wei, the cybersecurity expert that found the potential exploit says on X that he will not reveal any more information about it to avoid potential dangers. They said the bug was found several months ago.

“The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target,” Head of Threat Awareness at Trend Micro’s Zero Day Initiative Dustin Childs told Bleeping Computer.

This means that the vulnerability could be exploited by criminals to access a company’s entire network and gain control over it. Microsoft says that the attack complexity, the difficulty to exploit the vulnerability, is low.

Microsoft is urging organisations and users to update Windows and patch out the vulnerability as quickly as possible to avoid any potential exploits by criminals. You can find the official patch and more from Microsoft here.

[Image – Photo by Windows on Unsplash]

advertisement

About Author

More
Picture of Luis Monzon

Luis Monzon

Writer/journalist for HTXT. Beats are education and consumer tech. Reach me at Luis@HTXT.co.za.

Related News

SAA data breach started at the weekend

AI-powered cybersecurity isn’t enough, it needs a backbone

How cybercriminals use AI to fool you

Cisco debuts open-source reasoning model focused on security

MTN customers told to be cautious following breach

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.

© 2025. All rights reserved by HTXT.