CVE-2021-24074

Q: What is the severity of CVE-2021-24074?

CVE-2021-24074 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with TCP/IP networking enabled, potentially impacting servers and workstations.

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with TCP/IP networking enabled, potentially impacting servers and workstations.

💻 Affected Systems

Products:

Windows 10
Windows Server 2019
Windows Server 2016
Windows Server, version 1903
Windows Server, version 1909
Windows Server, version 2004
Windows Server, version 20H2

Versions: Various versions up to specific patch levels

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with TCP/IP networking enabled are vulnerable. Windows Firewall may provide some protection but doesn't fully mitigate the vulnerability.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM-level privileges, enabling attackers to install malware, steal data, or create persistent backdoors.

🟠

Likely Case

Remote code execution leading to ransomware deployment, data exfiltration, or lateral movement within networks.

🟢

If Mitigated

Limited impact with proper network segmentation, firewalls, and endpoint protection blocking exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted TCP/IP packets to vulnerable systems. The vulnerability is in the TCP/IP stack implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: February 2021 security updates

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074

Restart Required: Yes

Instructions:

1. Apply February 2021 Windows security updates. 2. Use Windows Update or download from Microsoft Update Catalog. 3. Restart system after installation.

🔧 Temporary Workarounds

Disable IPv6

windows

Disabling IPv6 may reduce attack surface but doesn't fully mitigate the vulnerability

netsh interface teredo set state disabled
netsh interface ipv6 set state disabled

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems
Deploy network intrusion prevention systems to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for February 2021 security updates or use systeminfo command to check OS build number

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5001027 (or later) is installed via Windows Update history or systeminfo

📡 Detection & Monitoring

Log Indicators:

Windows Security Event logs showing unexpected process creation
System logs with TCP/IP stack errors

Network Indicators:

Unusual TCP/IP traffic patterns
Malformed packets targeting Windows systems

SIEM Query:

source="windows" AND (event_id=4688 OR event_id=1) AND process_name="cmd.exe" OR process_name="powershell.exe"

📊 Metadata

CVE ID: CVE-2021-24074

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: February 25, 2021

Last Updated: November 21, 2024

🔗 References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074 Patch,Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 7 by Microsoft

Windows 8.1 by Microsoft

Windows Rt 8.1 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable IPv6

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export