CVE-2021-24094

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.

Recent assessments:

bwatters-r7 at February 09, 2021 9:42pm UTC reported:

This remains a spectacularly new vulnerability with little documentation associated with it beyond Microsoft’s blog here: <https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/&gt;
In the blog, this is a remote code execution vulnerability reported as associated with IPv6 packet reassembly. According to the vulnerability report here: <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094&gt;, there is a patch, and you can create a firewall rule on Windows host-based firewalls to block an attack with the command Netsh int ipv6 set global reassemblylimit=0 to block packet reassembly. THIS MAY AFFECT SOME NETWORK TRAFFIC.
A second denial of service vulnerability (CVE-2021-24086) also associated with IPv6 fragment reassembly is mitigated with the same command.
As pure speculation, this vulnerability might be associated with memory corruption through improper length reporting, such that when packets are reassembled in memory, they are placed in a buffer of insufficient size to store them. Should that be the case, this would most likely be a heap vulnerability, and like other heap vulnerabilities before it like eternalblue, bluekeep, and dejablue, it will be a real pain to get to work on a regular basis or as a worm-able exploit.

Assessed Attacker Value: 1
Assessed Attacker Value: 1Assessed Attacker Value: 1