Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
(RCE) Remote Code Execution bug/exploit in TCP/IP and work arounds.
75 views
Skip to first unread message
skybuck2000
Feb 11, 2021, 10:34:45 AM2/11/21
to
IPv4 Source Routing requests bug in all versions of windows:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
IPv6 re-assembly bug in all versions of windows that have IPv6:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
Work around, run these two commands in ms-dos prompt with admin rights, (this will make system more secure):
netsh int ipv4 set global sourceroutingbehavior=drop
Netsh int ipv6 set global reassemblylimit=0
To re-enable later or never, (this will make system insecure):
netsh int ipv4 set global sourceroutingbehavior=dontforward
Netsh int ipv6 set global reassemblylimit=267748640
Skybuck's take on this:
To me it seems these are some kind of ipv4 and ipv6 fragment/re-assembly bugs in combination with these features/source request.
In default state windows systems might be protected, though this is unsure to me at this moment. Therefore it seems very wise to run these two commands to protect older systems. This also include the still popular and valuable windows 7 operating system !
Bye for now,
Skybuck.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
IPv6 re-assembly bug in all versions of windows that have IPv6:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
Work around, run these two commands in ms-dos prompt with admin rights, (this will make system more secure):
netsh int ipv4 set global sourceroutingbehavior=drop
Netsh int ipv6 set global reassemblylimit=0
To re-enable later or never, (this will make system insecure):
netsh int ipv4 set global sourceroutingbehavior=dontforward
Netsh int ipv6 set global reassemblylimit=267748640
Skybuck's take on this:
To me it seems these are some kind of ipv4 and ipv6 fragment/re-assembly bugs in combination with these features/source request.
In default state windows systems might be protected, though this is unsure to me at this moment. Therefore it seems very wise to run these two commands to protect older systems. This also include the still popular and valuable windows 7 operating system !
Bye for now,
Skybuck.
0 new messages