Microsoft released an advisory with critical vulns in Windows-TCP-Stack (IPv4 and IPv6)
- Windows IPv4 TCP/IP Remote Code Execution Vulnerability CVE-2021-24074
- Windows IPv6 TCP/IP Remote Code Execution Vulnerability CVE-2021-24094
Patches are available, Mitigations for both vuln are found in the advisories.
The following Windows versions are known to be affected by these vulnerabilities:
- 7
- 8.1
- 10
As well as Windows Server:
- 2008
- 2012
- 2016
- 2019
- version 1909
- version 2004
- version 20H2
References
- Windows IPv4 TCP/IP Remote Code Execution Vulnerability CVE-2021-24074
- Windows IPv6 TCP/IP Remote Code Execution Vulnerability CVE-2021-24094
- cert.govt.nz Critical vulnerabilities in Microsoft Windows TCP/IP stack
- PaloAlto Unit42: Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities (CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094)
- ZDI: THE FEBRUARY 2021 SECURITY UPDATE REVIEW
Fragen? Kontakt: info@zero.bs