Critical Windows TCP/IP Vulnerabilities

Critical Windows TCP/IP Vulnerabilities

Microsoft has announced three critical vulnerabilities that exist in the Microsoft TCP/IP implementation and urged immediate update by the users since the vulnerabilities are critical and remotely exploitable.

Contents of The Article hide
1 Overview
2 Description
3 Impact
4 Solution (Update/Workaround)
5 References to Advisories, Solutions and Tools

Overview

Critical Windows TCP/IP Vulnerabilities: Microsoft has announced three critical TCP/IP vulnerabilities (CVE-2021-24074, CVE-2021-24094) that could be exploited remotely by attackers and urges affected users to apply Windows updates released on February 9, 2021.

Description

Microsoft has released patches for vulnerabilities that stem from the bugs in the Windows TCP/IP implementation. All of the announced vulnerabilities are exploitable remotely by attackers. Two of these are (CVE-2021-24074, CVE-2021-24094) Remote Code Execution (RCE) vulnerabilities and one of them is (CVE-2021-24086) Denial of Service (DoS) vulnerability.

According to Microsoft, RCE vulnerabilities are not expected to be exploited functionally soon since they are complex. However, highly motivated and skilled adversaries, such as nation state attackers, should be expected to develop functional exploits for these vulnerabilities and attack critical systems. Also note that, all of the vulnerabilities could be exploited more quickly to conduct DoS attacks.

The vulnerabilities have been identified by Microsoft as part of continual security improvement process for Microsoft products. Microsoft also states that there is no evidence that these vulnerabilities were known to any third party.

Impact

An unauthenticated attacker can run arbitrary code remotely, leading to full system takeover or DoS.

Impact Summary CVE-2021-24074

Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unauthenticated attacker can run arbitrary code remotely, leading to full system takeover or DoS.

Impact Summary CVE-2021-24094

Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unauthenticated attacker can cause a stop error (blue screen) on Windows systems due to DoS attacks.

Impact Summary CVE-2021-24086

Category: Denial of Service (DoS)
CVSS 3.1 Base Score: 7.5 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Solution (Update/Workaround)

Microsoft has released both patches and documented workarounds for each vulnerability. The workarounds simply advice hardening against the use of Source Routing, which is disallowed by default in Windows and and IPv6 fragmenting.

Quote by Claude Shannon
Quote by Claude Shannon

One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.

Claude Shannon

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?