Skip to main content

Critical RCE Vulnerability in Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions

Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions


Affected platforms

The following platforms are known to be affected:

Microsoft Windows

  • Windows 11 for x64-based Systems                                                     
  • Windows 11 for ARM64-based Systems                                                     
  • Windows 10 Version 21H2 for x64-based Systems                                                     
  • Windows 10 Version 21H2 for ARM64-based Systems                                                        
  • Windows 10 Version 21H2 for 32-bit Systems                                                     
  • Windows 10 Version 21H1 for x64-based Systems                                                     
  • Windows 10 Version 21H1 for ARM64-based Systems                                                     
  • Windows 10 Version 21H1 for 32-bit Systems                                                     
  • Windows 10 Version 20H2 for x64-based Systems                                                     
  • Windows 10 Version 20H2 for ARM64-based Systems                                                     
  • Windows 10 Version 20H2 for 32-bit Systems                                                     
  • Windows 10 Version 1809 for x64-based Systems                                                     
  • Windows 10 Version 1809 for ARM64-based Systems                                                     
  • Windows 10 Version 1809 for 32-bit Systems                                                     
  • Windows 10 Version 1607 for x64-based Systems                                                     
  • Windows 10 Version 1607 for 32-bit Systems                                                     
  • Windows 10 for x64-based Systems                                                     
  • Windows 10 for 32-bit Systems                                                     
  • Windows RT 8.1                                                     
  • Windows 8.1 for x64-based systems                                                     
  • Windows 8.1 for 32-bit systems                                                     
  • Windows 7 for x64-based Systems Service Pack 1                                                     
  • Windows 7 for 32-bit Systems Service Pack 1                                                     

Threat details

Introduction

Microsoft has released details of a critical remote code execution vulnerability​​​​​​, known as CVE-2022-34721, in the September 2022 security updates. This vulnerability has a CVSSv3 score of 9.8.

CVE-2022-34721 relates to Windows Internet Key Exchange (IKE) Protocol Extensions and an unauthenticated, remote attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.

Proof-of-concept code has been released

Security researchers have released a proof-of-concept (PoC) code and exploitation may follow.


Remediation advice

Affected organisations are required to read Microsoft's guidance on the Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability CVE-2022-34721 and apply the relevant updates as soon as practicable.



Last edited: 16 September 2022 1:03 pm