CVE-2021-24074:

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)

Score
A numerical rating that indicates how dangerous this vulnerability is.

9.8Critical

Published Date:Feb 25, 2021
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:19.0
EPSS Percentile:95%

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)

Overview

This vulnerability affects the Windows TCP/IP stack and is considered critical due to its potential for remote code execution. The issue stems from improper validation of IPv4 packets with source routing options. An unauthenticated attacker could exploit this vulnerability by sending specially crafted IPv4 packets to a target system, potentially gaining the ability to execute arbitrary code in the context of the kernel. The vulnerability affects multiple versions of Windows operating systems and could lead to a complete system compromise. Microsoft has assigned this vulnerability a CVSS base score of 9.8 (Critical).

Remediation

To mitigate this vulnerability, Microsoft strongly recommends applying the security updates released in February 2021 Security Update. If patching is not immediately possible, the following temporary mitigations can be implemented:
1. Block inbound IPv4 packets with source routing options at the perimeter firewall
2. Run the following PowerShell command to block these packets at the Windows host:
netsh int ipv4 set global sourceroutingbehavior=drop
3. Disable IPv4 source routing by setting the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting = 2
4. Consider implementing network segmentation to isolate affected systems until patching is possible