Microsoft has released a critical security vulnerability update. Most Windows computers are set to update automatically on a regular basis. However, if you have a computer that needs to be manually updated, we encourage you to update it as soon as possible.
Managed Computers will receive this update tonight, August 15th.
Vulnerability Summary:
A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated remote code execution (RCE). No user interaction is required, making this a zero-click vulnerability. This vulnerability affects all supported versions of Windows and Windows Servers.
This remote code vulnerability enables an unauthenticated attacker to repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. Microsoft has released urgent security patches and recommends to install these asap.
To learn more, visit: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
For questions, please contact the Help Desk at x3500, help@caltech.edu, https://help.caltech.edu.