9.8
CRITICAL
CVE-2024-38063
Microsoft Windows TCP/IP Remote Code Execution
Description

Windows TCP/IP Remote Code Execution Vulnerability

INFO

Published Date :

Aug. 13, 2024, 6:15 p.m.

Last Modified :

Aug. 16, 2024, 8:54 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2024-38063 has a 44 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-38063 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_21h2
11 Microsoft windows_11_22h2
12 Microsoft windows_10_1507
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38063.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python

Updated: 5 days, 17 hours ago
1 stars 0 fork 0 watcher
Born at : Nov. 29, 2024, 11:48 a.m. This repo has been linked 1 different CVEs too.

poc for exploiting cve-2024-38063

Python

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 18, 2024, 3:20 p.m. This repo has been linked 1 different CVEs too.

PoC for Windows' IPv6 CVE-2024-38063

bsod bsod-crashes cve cvepoc dos ipv6 ipv6-network poc

Python

Updated: 1 week, 6 days ago
1 stars 0 fork 0 watcher
Born at : Nov. 16, 2024, 5:22 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 7, 2024, 9:36 a.m. This repo has been linked 1 different CVEs too.

Vulnerability CVE-2024-38063

Python

Updated: 2 weeks ago
2 stars 0 fork 0 watcher
Born at : Oct. 15, 2024, 3:18 a.m. This repo has been linked 1 different CVEs too.

None

Python Batchfile PowerShell

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 14, 2024, 5:46 p.m. This repo has been linked 1 different CVEs too.

None

Lua

Updated: 2 weeks, 3 days ago
1 stars 0 fork 0 watcher
Born at : Oct. 8, 2024, 6:24 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : Oct. 2, 2024, 5:46 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 23, 2024, 11:45 a.m. This repo has been linked 1 different CVEs too.

Kode Eksploitasi CVE-2024-38063

Python

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 21, 2024, 5:33 p.m. This repo has been linked 1 different CVEs too.

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6

HTML

Updated: 2 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : Sept. 10, 2024, 7:15 a.m. This repo has been linked 2 different CVEs too.

quick powershell script to fix cve-2024-38063

blueteam cve-2024-38063 fix powershell script workaround

PowerShell

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 7, 2024, 4:27 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 months ago
0 stars 1 fork 1 watcher
Born at : Sept. 3, 2024, 2:36 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : Sept. 2, 2024, 2:16 p.m. This repo has been linked 1 different CVEs too.

An IPv6 exploitation tool which demonstrates advanced networking techniques being used in the wild with CVE-2024-38063.

cve-2024-38063 cve-2024-38063-poc networking-concepts networking-in-python pentest-tool

Updated: 3 months ago
1 stars 0 fork 0 watcher
Born at : Sept. 2, 2024, 5 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-38063 vulnerability anywhere in the article.

  • Cybersecurity News
Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275)

A severe security flaw has been identified in the popular WordPress plugin The Events Calendar, affecting all versions up to and including 6.6.4. Designated as CVE-2024-8275, the vulnerability has bee ... Read more

Published Date: Sep 26, 2024 (2 months, 1 week ago)
  • Cybersecurity News
TeamViewer Urges Users to Patch Privilege Escalation Flaws (CVE-2024-7479 and CVE-2024-7481)

In a recently disclosed security bulletin, TeamViewer has highlighted two critical vulnerabilities impacting its Remote Client and Remote Host products for Windows. CVE-2024-7479 and CVE-2024-7481—bot ... Read more

Published Date: Sep 26, 2024 (2 months, 1 week ago)
  • Cybersecurity News
CVE-2024-9014 (CVSS 9.9): pgAdmin’s Critical Vulnerability Puts User Data at Risk

pgAdmin, the leading open-source management tool for PostgreSQL databases, has released an urgent security update to address a critical vulnerability affecting versions 8.11 and earlier. This flaw, id ... Read more

Published Date: Sep 25, 2024 (2 months, 1 week ago)
  • Cybersecurity News
CISA Warns of Actively Exploited Ivanti vTM Flaw CVE-2024-7593 (CVSS 9.8), PoC Published

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited security vulnerability impacting Ivanti Virtual Traffic Manager (vTM), a ... Read more

Published Date: Sep 24, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for un ... Read more

Published Date: Sep 24, 2024 (2 months, 1 week ago)
  • Cybersecurity News
CVE-2024-9043 (CVSS 9.8): Cellopoint Secure Email Gateway Flaw Puts Sensitive Data at Risk

A recently disclosed vulnerability (CVE-2024-9043) in Cellopoint’s Secure Email Gateway (SEG) could expose enterprise email systems to critical security risks, making it an urgent matter for administr ... Read more

Published Date: Sep 24, 2024 (2 months, 1 week ago)
  • Cybersecurity News
20+ Victims and Counting: Lynx Ransomware’s Swift Rise

The Tor site of Lynx | Image: Rapid7In a recent report from Rapid7 Labs, the Lynx ransomware group has emerged as a new threat in the ever-evolving landscape of cybercrime. Identified in July 2024, Ly ... Read more

Published Date: Sep 15, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-20 ... Read more

Published Date: Sep 13, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update

In a recent security advisory, GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The patches address several vulnerabilities, includ ... Read more

Published Date: Sep 12, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-45409 (CVSS 10): Critical Ruby-SAML Flaw Leaves User Accounts Exposed

A critical security vulnerability, CVE-2024-45409, has been identified in the Ruby-SAML library, a widely used tool for implementing SAML (Security Assertion Markup Language) authorization on the clie ... Read more

Published Date: Sep 12, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CosmicBeetle’s ScRansom Ransomware: A Growing Threat to European and Asian Businesses

Encryption scheme utilized by the latest ScRansom samples | Image: ESETIn a significant development tracked by ESET researchers, the threat actor known as CosmicBeetle has intensified its ransomware o ... Read more

Published Date: Sep 12, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
LNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw

Image: Elastic SecurityMicrosoft’s September 2024 security update addresses a zero-day vulnerability affecting Smart App Control and SmartScreen. This vulnerability, dubbed “LNK stomping” (CVE-2024-38 ... Read more

Published Date: Sep 11, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Earth Preta’s Cyber Arsenal Expands: New Malware and Strategies Target APAC Governments

A new report from Trend Micro has revealed that Earth Preta, the notorious cyber espionage group, has significantly evolved its tactics and malware arsenal, posing a heightened threat to government en ... Read more

Published Date: Sep 11, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-8517: Critical SPIP Flaw Leaves Websites Vulnerable to Remote Attacks, PoC Published

The popular open-source content management system (CMS), SPIP, is facing a critical security vulnerability that could allow unauthenticated attackers to execute malicious code on affected servers. The ... Read more

Published Date: Sep 11, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required

In the latest security advisory, HAProxy revealed that CVE-2024-45506, a vulnerability in its popular load balancing and proxy software, is now actively exploited. The vulnerability, which has a CVSS ... Read more

Published Date: Sep 09, 2024 (2 months, 3 weeks ago)
  • tripwire.com
Tripwire Patch Priority Index for August 2024

Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that re ... Read more

Published Date: Sep 02, 2024 (3 months ago)
  • Cybersecurity News
AISURU Botnet Identified in Massive DDoS Attack on Steam

A massive, coordinated DDoS attack disrupted Steam services globally and the Perfect World Esports platform in China on the weekend of August 24-26, coinciding with the launch of the highly anticipate ... Read more

Published Date: Sep 02, 2024 (3 months ago)
  • The Register
Proof-of-concept code released for zero-click critical IPv6 Windows hole

Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond tw ... Read more

Published Date: Aug 28, 2024 (3 months ago)
  • Cybersecurity News
CVE-2024-6633 (CVSS 9.8): Critical Flaw in Fortra FileCatalyst Workflow

Fortra, a prominent provider of enterprise file transfer solutions, has released an urgent security advisory highlighting two critical vulnerabilities within its FileCatalyst Workflow product. Designa ... Read more

Published Date: Aug 28, 2024 (3 months, 1 week ago)
  • Cybersecurity News
PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow

Security researcher Zeyad Azima from SecureLayer7 published the proof-of-concept exploit for arbitrary file write vulnerability (CVE-2024-22263) in Spring Cloud Data Flow, a widely-used tool for cloud ... Read more

Published Date: Aug 28, 2024 (3 months, 1 week ago)
  • Cybersecurity News
SSN, Banking Details at Risk in Major Texas Credit Union Breach

The largest credit union in Texas, Texas Dow Employees Credit Union (TDECU), has reported a significant data breach affecting more than 500,000 individuals. The incident may have compromised Social Se ... Read more

Published Date: Aug 28, 2024 (3 months, 1 week ago)
  • Dark Reading
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses

Source: Ascannio via Alamy Stock PhotoA security researcher named "Ynwarcs" has published analysis of a proof-of-concept exploit code for a critical zero-click vulnerability in Windows TCP/IP.The vuln ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • Cybersecurity News
CVE-2024-31214 & CVE-2024-24809: Traccar Users Urged to Update Immediately

Image: Horizon3Please enable JavaScriptTwo critical vulnerabilities have been discovered in the popular GPS tracking system Traccar, which is used for both personal and corporate applications. The vul ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • malwaretech.com
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6

Since the latest Windows patch dropped on the 13th of August I’ve been deep in the weeds of tcpip.sys (the kernel driver responsible for handling TCP/IP packets). A vulnerability with a 9.8 CVSS score ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Zero-Click Windows RCE Threat: Researcher Publishes PoC Exploit for CVE-2024-38063

In a significant development for cybersecurity professionals, security researcher Ynwarcs has published an in-depth analysis and proof-of-concept (PoC) exploit code for a critical zero-click CVE-2024- ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Google Chrome Faces Double Blow with New Zero-Day Flaw Exploits: CVE-2024-7965 and CVE-2024-7971

In a significant update to its security advisory, Google has confirmed that CVE-2024-7965, a high-severity zero-day vulnerability in the Chrome browser, has been actively exploited in the wild. This r ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Hillstone Networks Addresses Critical RCE Vulnerability in WAF (CVE-2024-8073, CVSS 9.8)

Hillstone Networks, a global leader in network security solutions, has released a security advisory addressing a critical vulnerability (CVE-2024-8073) in its Web Application Firewall (WAF) product. T ... Read more

Published Date: Aug 26, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

Security researcher ‘Frost’ has released proof-of-concept exploit code for the CVE-2024-38054 vulnerability, escalating concerns over a recently patched Windows security flaw. This high-severity vulne ... Read more

Published Date: Aug 23, 2024 (3 months, 1 week ago)
  • Cybersecurity News
PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version ... Read more

Published Date: Aug 22, 2024 (3 months, 1 week ago)
  • Cybersecurity News
F5 Issues Security Advisories for NGINX Plus (CVE-2024-39792) & BIG-IP Next Central Manager (CVE-2024-39809)

F5, a prominent provider of application delivery and security solutions, has recently released security advisories addressing vulnerabilities in two of its products: NGINX Plus and BIG-IP Next Central ... Read more

Published Date: Aug 20, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
PrestaShop Websites Under Attack: GTAG Websocket Skimmer Steals Credit Card Data

Security researchers at Sucuri have discovered a new credit card skimmer exploiting a vulnerability in PrestaShop websites. This sophisticated attack uses a WebSocket connection to pilfer sensitive cu ... Read more

Published Date: Aug 20, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
HookChain: The Technique That Bypass Exposes EDR in 94% of Security Solutions

Image Credit: M4v3r1ckIn an ever-evolving cybersecurity landscape, where threats are becoming more sophisticated by the day, the focus on Endpoint Detection and Response (EDR) systems has never been m ... Read more

Published Date: Aug 19, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Beware of Fake PoC Exploits for 0-Click RCE CVE-2024-38063 on GitHub

Security researchers have discovered a series of fake proof-of-concept (PoC) exploit codes for the critical CVE-2024-38063 vulnerability affecting Windows systems. These fraudulent exploits, which hav ... Read more

Published Date: Aug 19, 2024 (3 months, 2 weeks ago)
  • Cyber Security News
Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & Other Stories

The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape. Each edition hi ... Read more

Published Date: Aug 18, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Cybercriminals Evolve Social Engineering Tactics, Exploit CVE-2022-26923 in Sophisticated Campaign

Credential harvester prompt spawned by `AntiSpam.exe | Image: Rapid7 Recently, cybersecurity firm Rapid7 identified a series of sophisticated intrusion attempts linked to an ongoing social engineering ... Read more

Published Date: Aug 17, 2024 (3 months, 2 weeks ago)
  • schneier.com
New Windows IPv6 Zero-Click Vulnerability

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attack ... Read more

Published Date: Aug 16, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways

SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate n ... Read more

Published Date: Aug 16, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Windows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit Details Due to High Risk

In a recent August Patch Tuesday, Microsoft urgently addressed a critical security vulnerability within the Windows TCP/IP stack, identified as CVE-2024-38063. With a CVSS score of 9.8, this flaw has ... Read more

Published Date: Aug 15, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
CVE-2024-42479 (CVSS 10) in Popular Python Package llama_cpp_python Exposes Millions to RCE

Please enable JavaScriptA severe security vulnerability has been discovered in the widely-used AI library llama_cpp_python, potentially allowing threat actors to execute malicious code on affected sys ... Read more

Published Date: Aug 15, 2024 (3 months, 2 weeks ago)
  • BleepingComputer
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, w ... Read more

Published Date: Aug 14, 2024 (3 months, 2 weeks ago)
  • BleepingComputer
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, w ... Read more

Published Date: Aug 14, 2024 (3 months, 2 weeks ago)
  • crowdstrike.com
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs

Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more

Published Date: Aug 14, 2024 (3 months, 2 weeks ago)
  • security.nl
Microsoft verwacht misbruik van kritiek 'wormable' Windows TCP/IP-lek

Microsoft verwacht dat aanvallers misbruik zullen maken van een kritieke TCP/IP-kwetsbaarheid in Windows waardoor remote code execution zonder enige interactie van gebruikers mogelijk is. Volgens secu ... Read more

Published Date: Aug 14, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Microsoft Tackles 9 Zero-Day Exploits in August 2024 Patch Tuesday Update

Microsoft has released its August 2024 Patch Tuesday update, addressing multiple vulnerabilities across its software ecosystem. This month’s update features fixes for a total of 90 vulnerabilities, in ... Read more

Published Date: Aug 14, 2024 (3 months, 3 weeks ago)
  • Cyber Security News
Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems

Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Window ... Read more

Published Date: Aug 14, 2024 (3 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems

Please enable JavaScriptIn its latest Patch Tuesday security update, Microsoft has disclosed a critical vulnerability in the Windows TCP/IP stack that demands urgent attention. Among the 88 vulnerabil ... Read more

Published Date: Aug 14, 2024 (3 months, 3 weeks ago)
  • TheCyberThrone
Microsoft Patch Tuesday-August 2024

Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more

Published Date: Aug 14, 2024 (3 months, 3 weeks ago)
  • tripwire.com
VERT Threat Alert: August 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more

Published Date: Aug 13, 2024 (3 months, 3 weeks ago)
  • BleepingComputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an ... Read more

Published Date: Aug 13, 2024 (3 months, 3 weeks ago)

The following table lists the changes that have been made to the CVE-2024-38063 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Aug. 16, 2024

    Action Type Old Value New Value
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.20751 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.4780 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.4780 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.3147 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4037 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.4037 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.1457 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* versions up to (excluding) 6.2.9200.25031 *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7259 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6189 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2655 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1085
  • CVE Received by [email protected]

    Aug. 13, 2024

    Action Type Old Value New Value
    Added Description Windows TCP/IP Remote Code Execution Vulnerability
    Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 [No types assigned]
    Added CWE Microsoft Corporation CWE-191
    Added CVSS V3.1 Microsoft Corporation AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38063 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38063 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability