Armis Logo< Back

CVE-2021-24094:

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)


Score
Info
A numerical rating that indicates how dangerous this vulnerability is.

9.8Critical
  • Published Date:Feb 25, 2021
  • CISA KEV Date:*No Data*
  • Industries Affected:20

Threat Predictions

  • EPSS Score:18.6
  • EPSS Percentile:95%

Exploitability

  • Score:3.9
  • Attack Vector:NETWORK
  • Attack Complexity:LOW
  • Privileges Required:NONE
  • User Interaction:NONE
  • Scope:UNCHANGED

Impact

  • Score:5.9
  • Confidentiality Impact:HIGH
  • Integrity Impact:HIGH
  • Availability Impact:HIGH

Description Preview

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)

Overview

This vulnerability affects the Windows TCP/IP implementation and could lead to remote code execution on vulnerable Windows systems. The flaw exists in the way the Windows TCP/IP stack processes certain network packets. An attacker who successfully exploits this vulnerability could gain the ability to execute code in the context of the operating system, potentially taking complete control of the affected system. The vulnerability is particularly concerning because it could potentially be exploited without user interaction, making it a candidate for wormable attacks across networks.

Remediation

  • To address this vulnerability, Microsoft has released security updates. System administrators should apply the appropriate patches immediately to all affected systems. The following steps are recommended:
  • 1. Apply the security update provided by Microsoft through Windows Update or manually download and install the appropriate patch from the Microsoft Update Catalog.
  • 2. If patching is not immediately possible, consider implementing workarounds such as:
  • Restricting access to potentially vulnerable systems using firewall rules
  • Implementing network segmentation to limit the potential spread of any exploitation
  • Monitoring network traffic for unusual activity
  • 3. Ensure all Windows systems are configured to receive and apply security updates automatically.
  • 4. After applying the patch, restart affected systems to ensure the update takes effect.

References

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Medium
Retail Trade icon
Retail Trade
Manufacturing icon
Manufacturing
Educational Services icon
Educational Services
Finance and Insurance icon
Finance and Insurance
Public Administration icon
Public Administration
Transportation and Warehousing icon
Transportation and Warehousing
Health Care and Social Assistance icon
Health Care and Social Assistance
Professional, Scientific, and Technical Services icon
Professional, Scientific, and Technical Services
Low
Mining icon
Mining
Utilities icon
Utilities
Information icon
Information
Construction icon
Construction
Wholesale Trade icon
Wholesale Trade
Real Estate Rental and Leasing icon
Real Estate Rental and Leasing
Accommodation and Food Services icon
Accommodation and Food Services
Arts, Entertainment, and Recreation icon
Arts, Entertainment, and Recreation
Management of Companies and Enterprises icon
Management of Companies and Enterprises
Agriculture, Forestry, Fishing and Hunting icon
Agriculture, Forestry, Fishing and Hunting
Other Services (except Public Administration) icon
Other Services (except Public Administration)
Administrative and Support and Waste Management and Remediation Services icon
Administrative and Support and Waste Management and Remediation Services

Focus on What Matters

See everything.Identify true risk.Proactively mitigate threats.Book a Demo

Let's talk!