Windows TCP/IP Remote Code Execution Vulnerability CVE-2024-38045 Security Vulnerability Released: Sep 10, 2024 Assigning CNA: Microsoft Impact: Remote Code Execution Max Severity: Important Weakness: CWE-122: Heap-based Buffer Overflow CVSS Source: Microsoft CVSS:3.1 8.1 / 7.1 Temporal score metrics (3): Exploit Code Example: Detailed Description: The vulnerability allows an attacker to execute arbitrary code on a victim's system by sending a specially crafted packet to a vulnerable system. The attacker does not need any user interaction or privileges to exploit this vulnerability. Technical Details: The vulnerability is caused by a heap-based buffer overflow in the Windows TCP/IP stack. The attacker can exploit this by sending a large packet to a vulnerable system, causing the stack to overflow and execute arbitrary code. Mitigation: Microsoft has released a patch for this vulnerability. Users are advised to apply the patch as soon as possible to mitigate the risk. References: Microsoft Security Advisory Microsoft Knowledge Base Article --- This information is based on the screenshot provided and the details available on the Microsoft Security Response Center (MSRC) website.