About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify as the highest severity level and that warrant out-of-band emergency patching or mitigation action.
RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and a link to an update, if one exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.
VULNERABILITIES
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Identifier: CVE-2022-34721
Exploit or POC: Yes (Actively Being Exploited)
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
Description: CVE-2022-34721 allows for remote code execution. User interaction and authentication are not required for successful exploitation. An attacker could use a specially crafted IP packet to provoke remote code execution by targeting running Windows machines that have IPSec enabled. IKEv2 is not affected; however, IKEv1 and Windows Servers are impacted by this vulnerability.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
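Because the description above says IKEv1 is impacted and IKEv2 is not, one way to prioritize patching is to find which hosts still receive IKEv1 messages by reading the version field of the IKE header in captured UDP payloads. This is an added example, not RedLegg's or Microsoft's code; the UDP ports 500/4500, the 28-byte header layout (RFC 2408 / RFC 3948), the record format, and the sample data are assumptions that do not come from this bulletin.

```python
import struct
from collections import Counter

# Fixed IKE/ISAKMP header: initiator SPI, responder SPI, next payload,
# version (major in high nibble), exchange type, flags, message ID, length.
IKE_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefixes IKE messages on UDP 4500


def classify_ike(udp_payload, dst_port):
    """Return 'IKEv1', 'IKEv2', or None if this is not a plausible IKE message."""
    data = udp_payload
    if dst_port == 4500:
        if not data.startswith(NON_ESP_MARKER):
            return None  # ESP-in-UDP or NAT keepalive, not IKE
        data = data[len(NON_ESP_MARKER):]
    elif dst_port != 500:
        return None
    if len(data) < IKE_HDR.size:
        return None  # too short to hold the fixed header
    _, _, _, version, _, _, _, length = IKE_HDR.unpack_from(data)
    if length < IKE_HDR.size:
        return None  # declared length cannot be smaller than the header
    return {1: "IKEv1", 2: "IKEv2"}.get(version >> 4)


def ikev1_destinations(records):
    """records: iterable of (dst_ip, dst_port, udp_payload) tuples
    (hypothetical format). Returns {dst_ip: count of IKEv1 messages}."""
    hits = Counter()
    for dst_ip, dst_port, payload in records:
        if classify_ike(payload, dst_port) == "IKEv1":
            hits[dst_ip] += 1
    return dict(hits)


def build_sample(major):
    """Constructed header-only IKE message with the given major version."""
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, major << 4, 2, 0, 0, 28)


# Constructed sample records using documentation addresses (RFC 5737).
SAMPLES = [
    ("192.0.2.10", 500, build_sample(1)),
    ("192.0.2.10", 4500, NON_ESP_MARKER + build_sample(1)),
    ("192.0.2.20", 500, build_sample(2)),
    ("192.0.2.30", 4500, b"\xff"),          # NAT keepalive
    ("192.0.2.30", 53, build_sample(1)),    # not an IKE port
]
```

Hosts returned by `ikev1_destinations` are candidates to patch first; a host absent from the result may still be vulnerable if no IKEv1 traffic reached it during the capture window.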