Microsoft today urged customers to install, as quickly as possible, security updates for three Windows TCP/IP vulnerabilities rated critical and high severity.
The warning was issued because of an elevated exploitation risk and the possibility that denial-of-service (DoS) attacks targeting these bugs could appear soon.
The three TCP/IP security issues affect computers running Windows client and server versions from Windows 7 onward.
All three can be exploited remotely by unauthenticated attackers and are tracked as CVE-2021-24074, CVE-2021-24094 and CVE-2021-24086.
Two of them expose unpatched systems to remote code execution (RCE) attacks, while the third lets attackers trigger a DoS state that takes down the targeted device.
“DoS usage for these CVEs will allow a remote attacker to cause a stop error. Customers may receive a blue screen on any Windows system that is directly exposed to the Internet with minimal network traffic,” the Microsoft Security Response Center team said.
“The two RCE vulnerabilities are complex, making it difficult to create functional benefits, and so they are not likely in the short term.
“We believe that attackers will be able to create DoS exploits faster and expect all three issues to be exploited with a DoS attack shortly after release. We recommend that customers quickly apply Windows security updates this month.”
Windows TCP / IP vulnerabilities:
– Internal discovery at Microsoft
– Not exploited in nature
– Creating mining for RCE is very difficult
– To deny the solution in front of the patch, Source Route is denied, which is not allowed by default
CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 https://t.co/WJLhzqwRVp
– Kevin Beaumont (@GossiTheDog) February 9, 2021
Workarounds also available
While Microsoft says it’s essential to apply today’s security updates to all Windows devices as soon as possible, the company also offers workarounds for those who cannot deploy them right away.
Redmond provides separate Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) workarounds for these security issues.
The IPv4 workaround requires hardening against the use of Source Routing, which is normally disallowed in Windows’ default state.
Detailed instructions are available in the CVE-2021-24074 advisory; the workaround can be applied through Group Policy or by running a NETSH command that does not require restarting the machine.
The IPv6 workarounds require blocking IPv6 fragments, which can unfortunately negatively affect services with IPv6 dependencies. Information on how to apply them is available in the CVE-2021-24094 and CVE-2021-24086 advisories.
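The host-side workarounds described above can be audited, applied and rolled back with one script. This is an added example, not Microsoft's own code: the netsh settings are those given in the advisories' workaround and undo steps, while the script name, the `Invoke-Netsh` and `Show-State` helpers, and the English-locale output labels matched during the audit are assumptions.

```powershell
# Workaround-TcpIp.ps1 (hypothetical name). Run from an elevated prompt.
#   -Mode Audit   show the current values only (default)
#   -Mode Apply   drop IPv4 source-routed packets, disable IPv6 reassembly
#   -Mode Revert  restore the Windows defaults once the updates are installed
param(
    [ValidateSet('Audit', 'Apply', 'Revert')]
    [string]$Mode = 'Audit'
)

function Invoke-Netsh {
    param([string[]]$NetshArgs)
    $out = & netsh.exe @NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed: $out"
    }
    $out
}

function Show-State {
    # Assumption: English-locale labels in the 'show global' output.
    Invoke-Netsh @('int', 'ipv4', 'show', 'global') |
        Select-String -Pattern 'Source Routing'
    Invoke-Netsh @('int', 'ipv6', 'show', 'global') |
        Select-String -Pattern 'Reassembly Limit'
}

switch ($Mode) {
    'Apply' {
        # CVE-2021-24074: drop source-routed IPv4 packets outright.
        Invoke-Netsh @('int', 'ipv4', 'set', 'global', 'sourceroutingbehavior=drop') | Out-Null
        # CVE-2021-24094 / CVE-2021-24086: a reassembly limit of 0 blocks
        # IPv6 fragments. Services that depend on fragmented IPv6 will break.
        Invoke-Netsh @('int', 'ipv6', 'set', 'global', 'reassemblylimit=0') | Out-Null
    }
    'Revert' {
        # Default values, as given in the advisories' undo steps.
        Invoke-Netsh @('int', 'ipv4', 'set', 'global', 'sourceroutingbehavior=dontforward') | Out-Null
        Invoke-Netsh @('int', 'ipv6', 'set', 'global', 'reassemblylimit=267748640') | Out-Null
    }
}

# Always finish by printing the effective settings so the change is verifiable.
Show-State
```

Neither setting needs a reboot, so the audit output at the end reflects the state the stack is using immediately.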
“IPv4 source routing requests and IPv6 snippets can be blocked on a peripheral device, such as a load balancer or a firewall,” Microsoft also noted.
“This option can be used to mitigate high-risk exposure systems and then have the systems patched to their default cadences.”