Microsoft issued a risk notice for Windows TCP/IP remote code execution vulnerabilities. The vulnerability number is CVE-2021-24074. The vulnerability CVSS:3.0 score is 9.8 / 8.5.There is a remote code execution vulnerability in the Windows TCP/IP protocol. The attacker can directly execute arbitrary code on the remote target host through carefully constructed IP data packets.
Vulnerability Detail
There are two TCP/IP bugs in this month’s release, but I chose to highlight this vulnerability over CVE-2021-24094 since this bug affects IPv4 while the other impacts IPv6. Both bugs could allow remote, unauthenticated code execution on affected systems. For CVE-2021-24074, the vulnerability resides in IPv4 source routing, which should be disabled by default. You can also block source routing at firewalls or other perimeter devices. The IPv6 bug involves packet fragmentation where a large number of fragments could lead to code execution.
Affected Version
- Microsoft Windows 7/8/10/Server 2008/ Server 2012/Server 2016/Server 2019/Server 20H2
How To Fix
We recommend that users upgrade Windows to the latest version in time.
Impact of workaround
IPv4 Source routing is considered insecure and is blocked by default in Windows; however, a system will process the request and return an ICMP message denying the request. The workaround will cause the system to drop these requests altogether without any processing.
How to undo the workaround
To restore to default setting “Dontforward”:
netsh int ipv4 set global sourceroutingbehavior=dontforward
2. Configure firewall or load balancers to disallow source routing requests
