CVE-2024-38063 vulnerability may affect Windows 7 users

[Vort0101]

Hello.

Recently critical bug in Windows TCP/IP driver was discovered - CVE-2024-38063.
Windows 10 and 11 users usually have autoupdates enabled, so they should be fine.
But for Windows 7 users, manual installation of update with fix may be needed.

Microsoft released kb5041823 update to solve this problem.
However, they stated it can be applied only to Server 2008 R2.
I tried to install it on my Windows 7 and it worked fine:
tcpip.sys was updated to version 6.1.7601.27263, made on 09.07.2024.

This bug affects machines, which use IPv6 protocol, so I suggest people who have IPv6 enabled to update their systems.

 

[Alejandro85]

An unpatched system can simply disable IPv6 to mitigate this, as the bug is within the IPv6 network stack and don't seems to affect IPv4 at all, so there is an easy way out of problems that don't really sacrifices anything at this point.

However, they stated it can be applied only to Server 2008 R2.
I tried to install it on my Windows 7 and it worked fine:

No big surprises here. Windows 7 and Windows Server 2008 R2 are exactly the same program, I'm not impressed that the patch actually works on Win7.

 

[SIW2]

ApplicabilityInfo="Windows 7.0 Client SP1;Windows 7.0 Server Core SP1;Windows 7.0 Embedded SP1;Windows 7.0 Server SP1;Windows 7.0 WinPE 3.1;"
Applies to="Windows 6.1"
Build Date="2024/08/10"
Company="Microsoft Corporation"
File Version="1"
Installation Type="FULL"
Installer Engine="Component Based Servicing - WUSA.exe"
Installer Version="6.1.7601.26614"
KB Article Number="5041823"
Language="ALL"
Package Type="Security Update"
Processor Architecture="amd64"
Product Name="Windows 6.1"
Support Link="https://support.microsoft.com/help/5041823"

 

[Malneb]

yeah vista and 7 are just the same as 2008 so all those OS should apply this patch.