Critical RCE Vulnerability in Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions

Summary

Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions


Affected platforms

The following platforms are known to be affected:

Microsoft Windows

  • Windows 11 for x64-based Systems
  • Windows 11 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1

Threat details

Introduction

Microsoft has released details of a critical remote code execution vulnerability, known as CVE-2022-34721, in the September 2022 security updates. This vulnerability has a CVSSv3 score of 9.8.

CVE-2022-34721 affects Windows Internet Key Exchange (IKE) Protocol Extensions. An unauthenticated, remote attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could result in remote code execution.
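To help prioritise patching, the following added example (not part of the original alert or Microsoft's guidance) reports whether a host currently runs the Windows IKE keying service and has it bound to the IKE ports. It assumes an elevated PowerShell 5.1 session on Windows 8.1 or later, that IKE is handled by the IKEEXT service, and that IKE uses UDP 500 and 4500; the function name Get-IkeExposure is hypothetical.

```powershell
# Added example: local check for the "IPSec enabled" precondition of CVE-2022-34721.
# Assumptions: IKE negotiation is handled by the IKEEXT service on UDP 500 and 4500,
# and the NetTCPIP / NetSecurity modules are available (Windows 8.1 or later).
function Get-IkeExposure {
    [CmdletBinding()]
    param(
        [int[]]$IkePorts = @(500, 4500)   # IKE and IKE NAT traversal
    )

    # IKE and AuthIP IPsec Keying Modules service
    $svc = Get-Service -Name 'IKEEXT' -ErrorAction SilentlyContinue

    # UDP endpoints bound to the IKE ports on any local address
    $endpoints = @(Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $IkePorts -contains $_.LocalPort })

    # Established main-mode security associations show that IKE is in active use
    $mmSa = @(Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServicePresent   = [bool]$svc
        ServiceStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ServiceStartType = if ($svc) { $svc.StartType } else { $null }
        ListeningPorts   = ($endpoints.LocalPort | Sort-Object -Unique) -join ','
        ListenAddresses  = ($endpoints.LocalAddress | Sort-Object -Unique) -join ','
        MainModeSACount  = $mmSa.Count
        # True when the service is running and bound to at least one IKE port
        IkeListening     = [bool]($svc -and $svc.Status -eq 'Running' -and $endpoints.Count -gt 0)
    }
}

Get-IkeExposure | Format-List
```

A host reporting IkeListening as True should be treated as a higher patching priority; a result of False does not remove the need to apply the update, and host or network firewall rules still determine whether the ports are reachable remotely.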

Proof-of-concept and Exploitation in the wild for CVE-2022-34721

Security researchers have released proof-of-concept (PoC) code, and exploitation has been reported in the wild.


Threat updates

Date          Update
30 Nov 2022   Exploitation

This Cyber Alert has been updated to reflect that exploitation in the wild has been reported.


Remediation advice

Affected organisations are required to read Microsoft's guidance on the Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability CVE-2022-34721 and apply the relevant updates as soon as practicable.



Last edited: 30 November 2022 2:47 pm