December 5, 2023

Numerous exploits have been found in the wild targeting Windows Internet Key Exchange Protocol Extensions.

The discovered vulnerabilities could have been exploited to target systems. The attacks observed would be part of a campaign that roughly translates to bleed you by a Mandarin-speaking threat actor.

Advertisements

Resesrchers observed that the unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.

The vulnerability lies in the code used to handle the IKEv1protocol, which is deprecated but compatible with legacy systems. The IKEv2 is not impacted, the vulnerability affects all Windows Servers because they accept both V1 and V2 packets, making the flaw critical.

Memory corruption occurs when Page Heap in the system is enabled for the Internet Key Exchange process. The exe process hosting the Internet Key Exchange protocol service crashes while attempting to read data beyond an allocated buffer.

Advertisements

Microsoft has allocated CVE-2022-34721 to the issue and fixed it by adding a check on incoming data length and skipping processing of that data if the length is too small.

Customers are advised to patch the vulnerability. This research was documented by researchers from Cyfirma.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023
%d