Windows IKE RCE is a critical Remote Code Execution vulnerability in the Windows Internet Key Exchange (IKE) Protocol Extensions that impacts numerous Windows versions, according to a security researcher from the cyber security research company 78ResearchLab. According to Wikipedia, Internet Key Exchange is the mechanism used to create a security association (SA) in the IPsec protocol family. IKE builds upon the Oakley protocol and ISAKMP. It uses X.509 certificates for authentication, either pre-shared or distributed using DNS (ideally with DNSSEC), and establishes a shared session secret from which cryptographic keys are produced.
Microsoft urged users to install the fixes promptly, warning that a threat actor might use the vulnerability (CVSSv3 base score of 9.8) to execute arbitrary code on the machine. The company thanked Yuki Chen of Cyber KunLun, who discovered the flaw.
This vulnerability allows an attacker to run arbitrary code on the system by delivering a specially crafted IP packet to a Windows node with IPsec enabled. CVE-2022-34721 affects only IKEv1. However, all Windows Servers are impacted because they accept both V1 and V2 packets. Microsoft patched the flaw in September's Patch Tuesday.
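Because only IKEv1 is affected, a defender assessing exposure can check which peers still send IKEv1 to a host. The sketch below is an added example, not code from 78ResearchLab or Microsoft: it classifies UDP 500/4500 payloads by the major version in the ISAKMP header (RFC 2408 layout), and the function names, sample packets and documentation-range addresses are constructed for illustration.

```python
import struct

ISAKMP_HDR_LEN = 28                   # cookies (16) + 4 one-byte fields + message ID (4) + length (4)
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE messages on UDP 4500
HDR_FMT = "!8s8sBBBBII"

def classify_ike(udp_payload: bytes, dst_port: int = 500) -> dict:
    """Classify one UDP payload as IKEv1, IKEv2 or not IKE."""
    data = udp_payload
    if dst_port == 4500:
        if data[:4] != NON_ESP_MARKER:
            return {"ike": False, "reason": "ESP-in-UDP or NAT keepalive"}
        data = data[4:]
    if len(data) < ISAKMP_HDR_LEN:
        return {"ike": False, "reason": "shorter than ISAKMP header"}
    _, _, _, version, exch, _, _, length = struct.unpack(HDR_FMT, data[:ISAKMP_HDR_LEN])
    major, minor = version >> 4, version & 0x0F
    if major not in (1, 2):
        return {"ike": False, "reason": f"unknown major version {major}"}
    return {"ike": True, "major": major, "minor": minor, "ikev1": major == 1,
            "exchange_type": exch,
            # Header length field disagrees with the datagram size (malformed message).
            "length_mismatch": length != len(data)}

def ikev1_sources(packets) -> list:
    """Return the sorted, unique source addresses that sent IKEv1 messages."""
    hits = set()
    for src, dst_port, payload in packets:
        result = classify_ike(payload, dst_port)
        if result["ike"] and result["ikev1"]:
            hits.add(src)
    return sorted(hits)

def build_header(version: int, exch: int, body: bytes = b"") -> bytes:
    """Build a constructed ISAKMP header for the sample data below."""
    return struct.pack(HDR_FMT, b"\x11" * 8, b"\x00" * 8, 1, version, exch,
                       0, 0, ISAKMP_HDR_LEN + len(body)) + body

# Constructed sample traffic: (source address, destination port, UDP payload).
SAMPLE = [
    ("192.0.2.10", 500, build_header(0x10, 2)),                    # IKEv1 Main Mode
    ("198.51.100.7", 500, build_header(0x20, 34)),                 # IKEv2 IKE_SA_INIT
    ("192.0.2.10", 4500, NON_ESP_MARKER + build_header(0x10, 4)),  # IKEv1 over NAT-T
    ("203.0.113.5", 4500, b"\xff"),                                # NAT keepalive
    ("203.0.113.9", 500, b"\x00" * 10),                            # truncated datagram
]

if __name__ == "__main__":
    print("Peers still using IKEv1:", ikev1_sources(SAMPLE))
```

Peers that appear in the output are the ones whose traffic reaches the IKEv1 code path on the receiving host.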
Today, 78ResearchLab made proof-of-concept code for this vulnerability available on GitHub, and it will soon publish the analysis report. In light of the PoC's release, users of vulnerable Windows versions are advised to prioritise installing the fixes in order to stop ongoing exploitation efforts.