Microsoft today asked customers to install security updates for three Windows TCP/IP vulnerabilities, rated critical and high severity, as quickly as possible.
This warning was issued due to the high risk of exploitation and potential denial of service (DoS) attacks that could soon target these bugs.
The three TCP/IP security vulnerabilities affect computers running Windows client and server versions from Windows 7 onward.
They can be exploited remotely by unauthenticated attackers and are tracked as CVE-2021-24074, CVE-2021-24094 and CVE-2021-24086.
Two of them expose unpatched systems to remote code execution (RCE) attacks, while the third allows attackers to trigger a DoS state, bringing down the targeted device.
“DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers can receive a blue screen on any Windows system that is directly exposed to the Internet with minimal network traffic,” said the Microsoft Security Response Center team.
“The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits, so they are not likely in the short term.
“We believe that attackers will be able to create DoS exploits much more quickly and we hope that all three problems can be exploited with a DoS attack shortly after launch. We recommend that customers quickly apply Windows security updates this month.”
Windows TCP/IP vulnerabilities:
– Internal discovery at Microsoft
– Not explored in nature
– Creating an exploit for RCE is very difficult
– The pre-patch workaround is to deny source routing, which is not allowed by default
CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 https://t.co/WJLhzqwRVp
– Kevin Beaumont (@GossiTheDog) February 9, 2021
Workarounds also available
While Microsoft says it is vital to apply today’s security updates to all Windows devices as quickly as possible, the company also offers workarounds for those who cannot deploy them immediately.
Redmond provides separate Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) workarounds for these security issues.
The IPv4 workaround requires hardening against the use of source routing, which is normally disallowed in the default Windows state.
The detailed instructions available in the CVE-2021-24074 advisory can be applied through Group Policy or by running a NETSH command that does not require restarting the patched machine.
The IPv6 workarounds require blocking IPv6 fragments, which unfortunately can negatively impact services with IPv6 dependencies. Information on how to apply them is available in the advisories for CVE-2021-24094 and CVE-2021-24086.
“IPv4 source routing requests and IPv6 fragments can be blocked on an edge device, such as a load balancer or a firewall,” noted Microsoft.
“This option can be used to mitigate systems with high risk exposure and then allow the systems to be corrected following their standard cadence.”
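To show what an edge device has to match for the workarounds described above, the following added example (not code from Microsoft or from this article) classifies raw packets as IPv4 source-routed or IPv6 fragmented. The option types 131/137 and next-header value 44 come from RFC 791 and RFC 8200; the function names and sample packets are constructed for illustration.

```python
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}   # IPv4 option types, RFC 791
IPV6_FRAGMENT = 44                                   # Fragment header, RFC 8200
IPV6_SKIPPABLE = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options


def ipv4_source_route(packet: bytes):
    """Return 'LSRR' or 'SSRR' if the IPv4 header carries that option, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    options = packet[20:(packet[0] & 0x0F) * 4]      # bytes between offset 20 and IHL*4
    i = 0
    while i < len(options) and options[i] != 0:      # 0 = End of Option List
        kind = options[i]
        if kind in SOURCE_ROUTE_OPTIONS:
            return SOURCE_ROUTE_OPTIONS[kind]
        if kind == 1:                                # No-Operation, one byte
            i += 1
        elif i + 1 < len(options) and options[i + 1] >= 2:
            i += options[i + 1]                      # skip type, length and data
        else:
            return None                              # malformed length, not classified here
    return None


def ipv6_is_fragment(packet: bytes) -> bool:
    """Walk the extension-header chain and report whether a Fragment header is present."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False
    next_header, offset = packet[6], 40
    while next_header != IPV6_FRAGMENT:
        if next_header not in IPV6_SKIPPABLE or offset + 2 > len(packet):
            return False
        next_header, offset = packet[offset], offset + (packet[offset + 1] + 1) * 8
    return True


def verdict(packet: bytes) -> str:
    """'drop' for the traffic the workarounds block, 'pass' otherwise."""
    return "drop" if ipv4_source_route(packet) or ipv6_is_fragment(packet) else "pass"


# Constructed sample packets: headers only, documentation address ranges.
V4_ADDRS = bytes([192, 0, 2, 1, 198, 51, 100, 1])
V4_PLAIN = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0]) + V4_ADDRS
V4_LSRR = (bytes([0x47, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0]) + V4_ADDRS
           + bytes([1, 131, 7, 4, 203, 0, 113, 1]))   # NOP, then LSRR with one hop
V6_ADDRS = (bytes.fromhex("20010db8") + bytes(12)) * 2
V6_PLAIN = bytes([0x60, 0, 0, 0, 0, 0, 59, 64]) + V6_ADDRS
V6_FRAG = bytes([0x60, 0, 0, 0, 0, 8, 44, 64]) + V6_ADDRS + bytes([17, 0, 0, 1, 0, 0, 0, 1])
```

Because the IPv6 check drops every fragment, legitimate fragmented traffic is dropped as well, which is the service impact the advisories warn about.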