May 29, 2023

Numerous exploits have been found in the wild targeting Windows Internet Key Exchange Protocol Extensions.

The discovered vulnerabilities could have been exploited to target systems. The attacks observed would be part of a campaign that roughly translates to bleed you by a Mandarin-speaking threat actor.

Advertisements

Resesrchers observed that the unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.

The vulnerability lies in the code used to handle the IKEv1protocol, which is deprecated but compatible with legacy systems. The IKEv2 is not impacted, the vulnerability affects all Windows Servers because they accept both V1 and V2 packets, making the flaw critical.

Memory corruption occurs when Page Heap in the system is enabled for the Internet Key Exchange process. The exe process hosting the Internet Key Exchange protocol service crashes while attempting to read data beyond an allocated buffer.

Advertisements

Microsoft has allocated CVE-2022-34721 to the issue and fixed it by adding a check on incoming data length and skipping processing of that data if the length is too small.

Customers are advised to patch the vulnerability. This research was documented by researchers from Cyfirma.

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: