CVE-2021-24074

Опубликовано: 09 фев. 2021

Источник: msrc

CVSS3: 9.8

EPSS Средний

Описание

Windows TCP/IP Remote Code Execution Vulnerability

Обходное решение

1. Set sourceroutingbehavior to "drop"

Use the following command:

netsh int ipv4 set global sourceroutingbehavior=drop

For more information about ipv4 registry settings see Additional Registry Settings

Impact of workaround

IPv4 Source routing is considered insecure and is blocked by default in Windows; however, a system will process the request and return an ICMP message denying the request. The workaround will cause the system to drop these requests altogether without any processing.

How to undo the workaround

To restore to default setting "Dontforward":

netsh int ipv4 set global sourceroutingbehavior=dontforward

2. Configure firewall or load balancers to disallow source routing requests

FAQ

Where can I find more information about this vulnerability?

Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	4601360 4601366	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4601360 4601366	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4601360 4601366	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4601347 4601363	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4601347 4601363	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4601347 4601363	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4601347 4601363	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4601360 4601366	Monthly Rollup Security Only
Windows Server 2012	4601348 4601357	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	4601348 4601357	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

Older Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 93%

0.11498

Средний

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2021-24074

CVSS3: 9.8

nvd

больше 4 лет назад

Windows TCP/IP Remote Code Execution Vulnerability

GHSA-frhg-hjvm-jhc2

CVSS3: 9.8

github

около 3 лет назад

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.

BDU:2021-01000

CVSS3: 9.8

fstec

больше 4 лет назад

Уязвимость реализации протокола TCP/IP операционных систем Windows, позволяющая нарушителю выполнить произвольный код

CVE-2021-24094

CVSS3: 9.8

msrc

больше 4 лет назад

Windows TCP/IP Remote Code Execution Vulnerability

CVE-2021-24086

CVSS3: 7.5

msrc

больше 4 лет назад

Windows TCP/IP Denial of Service Vulnerability

EPSS

Процентиль: 93%

0.11498

Средний

9.8 Critical

CVSS3