Microsoft has issued an urgent security alert advising customers to apply patches for vulnerabilities in the Windows Transmission Control Protocol/Internet Protocol (TCP/IP) networking stack, as its security researchers expect the flaws to be exploited soon.
Of the three vulnerabilities, the CVE-2021-24086 flaw is easy to exploit for denial-of-service attacks that cause a STOP error with a Blue Screen of Death in Windows, Microsoft said.
Two remote code execution (RCE) bugs are also fixed in this month's Patch Wednesday set of security updates.
Microsoft said that the two RCE vulnerabilities are more complex to exploit, and not likely to be abused in the short term.
Microsoft nevertheless expects there to be exploits for all three vulnerabilities shortly after release, and recommends that customers quickly apply patches for Windows.
A workaround for the flaws involves setting Source Routing for IPv4 traffic, using either the Group Policy feature or the NETSH command in a terminal window.
For IPv6, blocking fragments can mitigate the vulnerabilities, but could also negatively impact services that depend on the newer internet protocol.
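
The workaround described above, as a PowerShell audit-and-apply script. This is an added example, not code from Microsoft or from the original article. The `drop` and `reassemblylimit=0` values, the parameter names and the backup path are assumptions not stated on this page, and the IPv6 change is opt-in because of the service impact noted above.

```powershell
#Requires -RunAsAdministrator
# Audit, and optionally apply, the IPv4 source-routing and IPv6 fragment workarounds.
# Assumed values (not on this page): 'drop' for source routing, limit 0 to block fragments.
param(
    [switch]$Apply,               # report only unless -Apply is given
    [switch]$BlockIPv6Fragments,  # opt-in: can break services that rely on IPv6 fragments
    [string]$BackupPath = "$env:ProgramData\tcpip-workaround-backup.json"  # hypothetical path
)

function Get-StackState {
    # Structured read of the global settings (avoids parsing localized netsh text)
    [pscustomobject]@{
        IPv4SourceRouting   = [string](Get-NetIPv4Protocol).SourceRoutingBehavior
        IPv6ReassemblyLimit = [uint32](Get-NetIPv6Protocol).ReassemblyLimit
    }
}

$before = Get-StackState
$v4Done = $before.IPv4SourceRouting -eq 'Drop'
$v6Done = $before.IPv6ReassemblyLimit -eq 0
"IPv4 source routing   : $($before.IPv4SourceRouting) (workaround set: $v4Done)"
"IPv6 reassembly limit : $($before.IPv6ReassemblyLimit) (workaround set: $v6Done)"

if (-not $Apply) { return }

# Keep the original values once, so the change can be rolled back after patching
if (-not (Test-Path $BackupPath)) {
    $before | ConvertTo-Json | Set-Content -Path $BackupPath
}

if (-not $v4Done) {
    netsh int ipv4 set global sourceroutingbehavior=drop | Out-Null
}
if ($BlockIPv6Fragments -and -not $v6Done) {
    netsh int ipv6 set global reassemblylimit=0 | Out-Null
}

# Verify the stack actually reports the new values
$after = Get-StackState
if ($after.IPv4SourceRouting -ne 'Drop') {
    throw "IPv4 source routing is still '$($after.IPv4SourceRouting)'"
}
if ($BlockIPv6Fragments -and $after.IPv6ReassemblyLimit -ne 0) {
    throw "IPv6 reassembly limit is still $($after.IPv6ReassemblyLimit)"
}
"Workaround applied; previous values saved to $BackupPath"
```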