Windows TCP/IP Denial of Service Vulnerability

nilesh dalavi

Technical Director & Co-Owner at Reconshell

Published Apr 11, 2021

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086

This is a proof of concept for CVE-2021-24086 (“Windows TCP/IP Denial of Service Vulnerability “), a NULL dereference in tcpip.sys patched by Microsoft in February 2021. According to this tweet, the vulnerability has been found by @piazzt. It is triggerable remotely by sending malicious UDP packet over IPv6.

You can read Microsoft’s blog here: Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. It discusses briefly the impact and workaround/mitigations.

To view or add a comment, sign in

Windows TCP/IP Denial of Service Vulnerability

nilesh dalavi

Technical Director & Co-Owner at Reconshell

More articles by nilesh dalavi

Insights from the community

Others also viewed

Week 38 of 2024

Windows 10 Fall Creators Update: What’s new for West Palm Beach and Fort Lauderdale users?

Keeping encryption secure from BitLocker sniffing

7 popular reasons why you cannot connect or communicate other machines

Security baseline for Windows 10 - DRAFT

Session Hijacking using Ettercap, Hamster and Ferret (A Beginner Guide)

How To Drop or Block Attackers IP Address With Null Routes On a Linux

SSTP VPN, Firewall friendly protocol

Is there any situation where it would be better to use FTPS instead of STFP?

Explore topics

More articles by nilesh dalavi

RedCloud OS

WordPress Social Login and Register Authentication Bypass

Wireless Pentesting Cheat Sheet

Kali Linux Cheat Sheet

Data Science Interview Preparation

Tools and Techniques for Red Team

MySQL Cheat Sheet

process injection enumeration tool

Industrializing Financial Services with DevOps

SSH based reverse shell