😏🐧
All Windows users should immediately update their computers. An exploit rated 9.8/10 (CVE-2024-38063) compromises all devices running Windows with an IPv6 address.
Submitted 2 months ago by hal_5700X@sh.itjust.works to technology@lemmy.world
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063
Comments
tabular@lemmy.world 2 months ago
tpihkal@lemmy.world 2 months ago
Just say you run Arch and move on.
kescusay@lemmy.world 2 months ago
You run Arch and move on.
(Am I doing this right?)
mesamunefire@lemmy.world 2 months ago
People always talk about Arch. I wonder what people think of other oses and the people who run them lol. Like I’m a bearded Debian user (closer to the look of the Dilbert comic unix guy).
tabular@lemmy.world 2 months ago
🐧🌿 (♏)
octopus_ink@lemmy.ml 2 months ago
Just say you run Arch and move on.
You run Arch and move on.
Lost_My_Mind@lemmy.world 2 months ago
I thought he was saying he’s sexually attracted to punguins…
transistor@lemdro.id 2 months ago
I run Arch and since then moved on.
FreshLight@sh.itjust.works 2 months ago
Still waiting for a distro named “Arch btw”
aStonedSanta@lemm.ee 2 months ago
Cachy me outside. I’ll run arch over you.
narc0tic_bird@lemm.ee 2 months ago
I like Linux, but it can have security issues just as well.
tabular@lemmy.world 2 months ago
Sure can. Just more eyeballs it, who are from from 3rd parties.
Evil_Shrubbery@lemm.ee 2 months ago
If Linux is so great, then explain why I can’t even install this latest security patch for Windows on my Tumbleweed??
tabular@lemmy.world 2 months ago
You need to sudo zyyper install win_patch
M0oP0o@mander.xyz 2 months ago
“Compromises all devices running … an IPv6 address.”
Oh so no one is effected. (other then network nerds, and they are not real)
froh42@lemmy.world 2 months ago
IPV6 is already rolled out in parts of the world. My provider has a Dual Stack lite architecture, the home connection is over IPV6, IPV4 is normally being tunneled through a provider grade NAT.
As I AM a network nerd, I pay for a dedicated IPV4 address every month, so I can reach my stuff from outside from old IPV4 only networks.
turkalino@lemmy.yachts 2 months ago
Why not instead use the money to pay for a domain name and use a router with a dynamic DNS daemon?
primrosepathspeedrun@lemmy.world 2 months ago
they certainly don’t run windows.
hal_5700X@sh.itjust.works 2 months ago
IPv6 is enabled by default on windows.
echodot@feddit.uk 2 months ago
I’ve just queried it my IP is V4 so presumably I’m fine.
Scrollone@feddit.it 2 months ago
Unfortunately (or fortunately, it depends on how you see it), some providers are already on IPv6. My Italian ISP has IPv6 with CGNAT, so all its users are on IPv6 without even knowing what it is.
M0oP0o@mander.xyz 2 months ago
Dang Italian network nerds! That will teach them for believing in a better tech future.
TransplantedSconie@lemm.ee 2 months ago
Is this for Windows 11?
My windows XP laptop is good right?
treadful@lemmy.zip 2 months ago
Our windows XP laptop
Lost_My_Mind@lemmy.world 2 months ago
Can’t tell if you’re russian, or room mates.
huquad@lemmy.ml 2 months ago
IPv6 huh? There are dozens of us!
bruhduh@lemmy.world 2 months ago
Yay, new Xbox jailbreak method, can’t wait for new modded warfare videos about it
MazonnaCara89@lemmy.ml 2 months ago
ReginaPhalange@lemmy.world 2 months ago
Serious question - I haven’t touched my Xbox one for about 4 years , it wasn’t powered and wasn’t connected to the internet - I would love to jailbreak it and run Linux on it. Can it be done?
bruhduh@lemmy.world 2 months ago
About Linux, it’s not yet feasible, probably soon, right now Xbox one/series jailbreak scene is only making first steps with dumping of games and launching roms and emulators without dev mode
jordanlund@lemmy.world 2 months ago
Well, not ALL Windows machines…
“Systems are not affected if IPv6 is disabled on the target machine.”
I can’t remember the last time I saw an IPv6 machine…
AProfessional@lemmy.world 2 months ago
It is on by default in Windows… More likely people have routers with it disabled.
RisingSwell@lemmy.dbzer0.com 2 months ago
Definitely on by default on my laptop
Appoxo@lemmy.dbzer0.com 2 months ago
And disabling it fucks with Windows AD.
cbarrick@lemmy.world 2 months ago
Where I work, everything is on IPv6. Both the infrastructure for the software services that we run, and our own internal corporate network.
My ISP also provides publicly routable IPv6 prefixes over DHCP. Any layman in my city with this ISP will be on IPv6 by default.
I also use IPv6 for my LAN.
Like, it’s just kind of the default in my neck of the woods…
Trainguyrom@reddthat.com 2 months ago
I have two different ISPs offering gigabit fiber to the home, neither offers IPv6 at all. One of thes years I’ll tunnel an IPv6 prefix or two onto my network to actually get some real world experience with…
BearOfaTime@lemm.ee 2 months ago
It’s on by default with Win10 at least.
I disable it on all machines I build. And use GP to ensure it stays disabled.
cm0002@lemmy.world 2 months ago
Same, ain’t nobody got time to memorize IPv6 addresses! Lmao
Brkdncr@lemmy.world 2 months ago
IPv6 is enabled by default on windows. Additionally, MS does no testing against machines with ipv6 turned off. People that go through the effort of turning it off may run into problems.
cmnybo@discuss.tchncs.de 2 months ago
My entire network runs IPv6. I don’t have any windows machines though.
HarriPotero@lemmy.world 2 months ago
My ISP enabled native IPv6 for me a few months back. It’s pretty great. I don’t have any windows machines, but I doubt my wife has disabled it on hers.
Anyway, our router is set up to drop incoming IPv6 traffic by default, sanely enough.
ulkesh@lemmy.world 2 months ago
I updated Windows so hard Linux popped out.
dsilverz@thelemmy.club 2 months ago
And it’s Arch, by the way.
Blaster_M@lemmy.world 2 months ago
To note: It shows even Windows Server 2008 as affected. Since MS is only testing against OSses they support, it is possible this has existed as a problem all the way back since IPv6 was first introduced to Windows XP.
Also, for all of you “disable IPv6 because I don’t understand it” people… unless you are running Windows 8 or older, just update Windows. IPv4 has been out of addresses for so long that CGNAT is a thing, which means connectivity problems when you’re hosting stuff, and more latency and packet drops from ISP routers getting saturated with NAT tasks. IPv6 is alive on the internet since 2011 and very much used on the internet, does not tie up routers by requiring NAT translation, and therefore just performs better. Plus, if you use your network printer’s or network device’s link-local ipv6 to connect locally, you will never have to deal with static ip address or changing ipv4 lan address pain, as link-local (non-routable on the internet) addresses don’t change unless you force it.
Emerald@lemmy.world 2 months ago
I’m still on 22h2 lol
Blaster_M@lemmy.world 2 months ago
Every version of 10 going back to 15.07 original release is affected.
LaggyKar@programming.dev 2 months ago
This would presumably mainly be an issue for computers open to the internet. So not so much for home PCs, unless the router’s firewall is opened up.
r00ty@kbin.life 2 months ago
I've not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it's a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it's a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it's a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn't work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here's the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
Toribor@corndog.social 2 months ago
IPv6 firewalls should, by default, offer similar levels of security to NAT
I think you’re probably right. We had decades of security experts saying that NAT is not a firewall and everyone on the planet treated it like one anyway. Now we’re overexposed for a no-NAT IPV6 internet.
LarmyOfLone@lemm.ee 2 months ago
What about torrenting through a VPN with IPv6? Would that make you vulnerable to this exploit?
LaggyKar@programming.dev 2 months ago
Harvesting IP addresses shouldn’t be a problem, since the firewall shouldn’t allow packets from a peer you haven’t talked to first. But true, if you can be attacked in response by a server you’re connecting to that would be bad.
RvTV95XBeo@sh.itjust.works 2 months ago
For a professional sysadmin’s home network? Maybe. For the average Joe who probably has their 12-year-old toaster still connected to their wifi? I wouldn’t bank on it.
pineapplelover@lemm.ee 2 months ago
Lmao good thing we’re all on ipv4
Dumbkid@lemmy.dbzer0.com 2 months ago
Sick my isp doesn’t even support ipv6
Scrollone@feddit.it 2 months ago
Be the change you want to see in the world, send an email asking for IPv6.
Malfeasant@lemm.ee 2 months ago
I did that years ago, and they said basically “never”. Then a couple years later all of a sudden, there it was.
GluWu@lemm.ee 2 months ago
I just updated and now my audio sounds like shit.
ColeSloth@discuss.tchncs.de 2 months ago
That’s pretty odd. Did you try turning it off and on again?
RememberTheApollo_@lemmy.world 2 months ago
My LAN has ipv6 disabled. So there.
nobleshift@lemmy.world 2 months ago
Token Ring FTW /s
r00ty@kbin.life 2 months ago
Dude 10-Base2 won, get over it!
USSEthernet@startrek.website 2 months ago
Nah, bus with terminators is better.
NaoPb@eviltoast.org 2 months ago
I’m not running my computer with an IPv6 address. Only my modem has an IPv6 address. Does that mean I’m not affected?
I’ll make sure to updats either way though.
afivedaystorm@lemmy.world 2 months ago
[deleted]psvrh@lemmy.ca 2 months ago
“There but for the grace of god go thee.”
Or, to be less poetic, “don’t get cocky”.
Hacks can happen to anyone. Better lessons to learn is “don’t enable or install what you don’t need” and “keep machines you don’t trust off your local network”
corsicanguppy@lemmy.ca 2 months ago
What about reactOS?
Lemminary@lemmy.world 2 months ago
Hah! Joke’s on you. I accidentally restarted my PC and updated it without wanting to.
TornadoRex@sh.itjust.works 2 months ago
Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!
ivanafterall@lemmy.world 2 months ago
I was mid-proposal. She said, “Yes, as long as this call doesn’t e…” Thanks a lot, Microsoft!
Appoxo@lemmy.dbzer0.com 2 months ago
Tell me you didnt take a look at your windows update settings without saying so.
Blackmist@feddit.uk 2 months ago
Mine restarted while I was watching a movie.
Thanks Windows.
gregor@gregtech.eu 2 months ago
Linux time?
NegativeLookBehind@lemmy.world 2 months ago
Linux always
TechAnon@lemm.ee 2 months ago
A working clock is always right!