Topic: Nasty zero click flaw discovered in IPv6 networking on Windows.

Chrysalis


Link to a video here explaining it.

https://www.youtube.com/watch?v=qhQRSUYnVG4

The CVE is CVE-2024-38063.

A lot of people, including Microsoft, are suggesting disabling IPv6 for now, although there is a patch available.

I haven't been able to discover if this can be exploited with all inbound IPv6 blocked on an external firewall device, or if it is exploitable via traffic initiated from the Windows client. Blocking on a Windows firewall is confirmed not sufficient though, as the packets are already being processed by Windows at that point.

Alex Atkin UK

Re: Nasty zero click flaw discovered in IPv6 networking on Windows.
« Reply #1 on: August 21, 2024, 06:04:37 PM »

He suggested in the video that incoming being blocked by default should prevent it.

Although he also failed to explain what he meant by "disabling IPv6" despite suggesting this multiple times. IMO he means disabling it on the router, not in Windows, as I believe Windows expects IPv6, even if it's simply via Teredo.

I think even today, a lot of problems people have when browsing can be IPv6 related as many ISPs run their IPv6 more as an afterthought.  I'm thinking especially in the US where my friend had IPv6 enabled by AT&T and they had to send someone out to disable it on his router as it plain didn't work reliably.

I still only have IPv6 on its own VLAN which primarily is used by my home server.  I just don't see any benefits in using it generally.
« Last Edit: August 21, 2024, 06:08:40 PM by Alex Atkin UK »
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + GL.iNet GL-X3000/ Spitz AX WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

Re: Nasty zero click flaw discovered in IPv6 networking on Windows.
« Reply #2 on: August 21, 2024, 08:06:15 PM »

OK, that's good then. I am not great at absorbing info from videos; I prefer a wall of text.

Alex Atkin UK

Re: Nasty zero click flaw discovered in IPv6 networking on Windows.
« Reply #3 on: August 21, 2024, 08:39:43 PM »

I don't think even he was 100% sure, as the person who found the flaw won't give out the details of how it works, for obvious reasons.