AttackerKBAKB:4BB453DC-4A7E-4FAF-832B-C5079208A3DACVE-2021-24074
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.
Recent assessments:
bwatters-r7 at February 09, 2021 9:16pm UTC reported:
This remains a spectacularly new vulnerability with little documentation associated with it beyond Microsoft’s blog here: <https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>
In the blog, they report that this vulnerability is associated with IPv4 source routing, but the default blocks against source routing on Windows are not suffcient, as the default configuration allows a Windows system to process ICMP requests with source routing.
Reported as a remote code execution vulnerability, Microsoft claims that it will likely not be weaponized for that purpose quickly, though it might see a DoS exploit in the near-term.
There is a patch, but also, the mitigations provided in the guidance (<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074>) involve the creation of a rule blocking source forwarding from the built-in firewall:
netsh int ipv4 set global sourceroutingbehavior=drop
Such a change in the firewall configuration can be deployed by group policy and would not require a reboot. The rule could also be deployed to infrastructure firewalls, but would then only protect against attacks that took place across the firewall; the rules would need to be set on all Windows system host-based firewalls to protect against lateral movement within a network.
gwillcox-r7 at April 23, 2021 8:24pm UTC reported:
This remains a spectacularly new vulnerability with little documentation associated with it beyond Microsoft’s blog here: <https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>
In the blog, they report that this vulnerability is associated with IPv4 source routing, but the default blocks against source routing on Windows are not suffcient, as the default configuration allows a Windows system to process ICMP requests with source routing.
Reported as a remote code execution vulnerability, Microsoft claims that it will likely not be weaponized for that purpose quickly, though it might see a DoS exploit in the near-term.
There is a patch, but also, the mitigations provided in the guidance (<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074>) involve the creation of a rule blocking source forwarding from the built-in firewall:
netsh int ipv4 set global sourceroutingbehavior=drop
Such a change in the firewall configuration can be deployed by group policy and would not require a reboot. The rule could also be deployed to infrastructure firewalls, but would then only protect against attacks that took place across the firewall; the rules would need to be set on all Windows system host-based firewalls to protect against lateral movement within a network.
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 2
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P