Security researcher "Ynwarcs" has published proof-of-concept exploit code for CVE-2024-38063, a critical zero-click vulnerability affecting all Windows systems with IPv6 enabled. Originally discovered by XiaoWei of Kunlun Lab, this remote code execution flaw targets Windows 10, Windows 11, and Windows Server without requiring any user interaction.
The exploit code is now available on GitHub for researchers to study, but this also increases the risk of malicious actors exploiting the vulnerability. Microsoft is urging users to install the latest security updates immediately to protect against potential attacks. Organizations should prioritize patching and monitor for unusual IPv6 packet activity.
Source: Dark Reading