IT colleagues:
Yesterday Microsoft released patches for a variety of vulnerabilities, including one for a critical remote code execution (RCE) vulnerability in the IPv6 subsystem for Windows [1]. The University Information Security Office (UISO) asks that you act to patch this vulnerability immediately.
As of time of writing, active exploitation has not been observed. Given the ubiquitous usage of Windows with IPv6 enabled by default, the UISO expects threat actors to weaponize this vulnerability quickly.
If you are unable to patch this vulnerability, please disable IPv6 on devices you manage.
Please contact us at uiso@iu.edu if you are unable to patch or apply the workaround.
Thanks for your continued partnership in protecting IU.
— IT Community Partnerships on behalf of the University Information Security Office
[1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063