A series of exploits has been found in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions.
According to a new advisory recently shared by security company Cyfirma with Infosecurity, the discovered vulnerabilities could have been exploited to target roughly 1000 systems.
The attacks observed by the company would be part of a campaign whose name roughly translates to "bleed you", run by a Mandarin-speaking threat actor.
The Cyfirma Research team has also observed unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.
"A critical vulnerability has been identified in Microsoft Windows IKE Protocol Extensions," reads the advisory.
"This vulnerability [...] affects unknown code of the IKE Protocol Extensions component, manipulation of which leads to remote code execution (RCE)."
In particular, Cyfirma wrote that the vulnerability lies in the code used to handle the IKEv1 [...] protocol, which is deprecated but retained for compatibility with legacy systems.
The company has also clarified that while IKEv2 is not impacted, the vulnerability affects all Windows Servers because they accept both v1 and v2 packets, which is what makes the flaw critical: an exposed IKE listener (UDP 500/4500) can be reached with IKEv1 traffic even on a host that only intends to use IKEv2.
"The [proof of concept] exploits a memory corruption issue with the svchost of the vulnerable system," reads the technical write-up.
"Memory corruption occurs once Page Heap (a debugging plug-in) in the system is enabled for the Internet Key Exchange process. The exe process hosting the Internet Key Exchange protocol service crashes while attempting to read data beyond an allocated buffer."
In terms of attribution, Cyfirma said the threat actor is currently unknown, but also that the team observed connections between the "bleed you" campaign and Russian cyber-criminals.
"From a strategic viewpoint on changing geopolitical scenarios from external threat landscape management, Russia and China are observed to form a strategic alliance," wrote the company.
Cyfirma added that Microsoft has allocated CVE-2022-34721 to the issue and fixed it by adding a check on the incoming data length and skipping processing of that data if the length is too small.
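The fix described above, a length check that skips processing when the incoming data is too short, is the classic remedy for a length-field-driven out-of-bounds read. The following is an added illustration written for this article; it is not Microsoft's code and not the Cyfirma proof of concept, and it does not claim to reproduce the actual vulnerable routine. It uses a simplified ISAKMP/IKEv1 framing (28-byte fixed header, 4-byte generic payload headers with a 16-bit length, per RFC 2408) and three constructed sample packets to contrast a parser that trusts the in-packet length fields with one that validates them. The unchecked variant is kept memory-safe for the demo by detecting the point at which a real implementation would have read past the buffer and flagging it, which is the read that Page Heap turns into a crash.

```c
/* Added example: hypothetical IKEv1 payload walker, vulnerable vs. hardened.
 * Framing simplified from RFC 2408; packets below are constructed test data. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN      28u   /* SPIs(16) next(1) ver(1) xchg(1) flags(1) msgid(4) len(4) */
#define GEN_PAYLOAD_HDR_LEN  4u   /* next-payload(1) reserved(1) payload-length(2) */

struct walk_result {
    int payloads;   /* payloads the parser accepted */
    int overrun;    /* 1 if an out-of-bounds read would have occurred */
    int rejected;   /* 1 if the hardened parser stopped on a bad length */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Unpatched behaviour: trusts each payload's 16-bit length. A declared length
 * smaller than the 4-byte header makes body_len underflow to a huge size_t,
 * and a length larger than what remains runs off the end of the buffer.
 * Both are reported via r.overrun instead of being dereferenced here. */
static struct walk_result walk_payloads_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    struct walk_result r = {0, 0, 0};
    if (pkt_len < ISAKMP_HDR_LEN) { r.overrun = 1; return r; }
    uint8_t next = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    while (next != 0) {
        if (off + GEN_PAYLOAD_HDR_LEN > pkt_len) { r.overrun = 1; return r; }
        uint16_t plen = rd16(pkt + off + 2);
        size_t body_len = (size_t)plen - GEN_PAYLOAD_HDR_LEN;   /* underflows if plen < 4 */
        if (body_len > pkt_len - off - GEN_PAYLOAD_HDR_LEN) {  /* real code would read here */
            r.overrun = 1;
            return r;
        }
        next = pkt[off];
        off += plen;
        r.payloads++;
    }
    return r;
}

/* Hardened behaviour: refuse to process a payload whose length is too small
 * for its own header or too large for the bytes that actually remain. */
static struct walk_result walk_payloads_checked(const uint8_t *pkt, size_t pkt_len)
{
    struct walk_result r = {0, 0, 0};
    if (pkt_len < ISAKMP_HDR_LEN || rd32(pkt + 24) != pkt_len) { r.rejected = 1; return r; }
    uint8_t next = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    while (next != 0) {
        size_t remaining = pkt_len - off;
        if (remaining < GEN_PAYLOAD_HDR_LEN) { r.rejected = 1; return r; }
        uint16_t plen = rd16(pkt + off + 2);
        if (plen < GEN_PAYLOAD_HDR_LEN || plen > remaining) { r.rejected = 1; return r; }
        /* bytes pkt[off .. off+plen) are now known to lie inside the buffer */
        next = pkt[off];
        off += plen;
        r.payloads++;
    }
    return r;
}

/* Constructed sample 1: well-formed, two payloads (8 + 6 bytes), total 42. */
static const uint8_t PKT_OK[] = {
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0,0,0,0,0,0,0,0,   /* SPIs */
    0x01, 0x10, 0x02, 0x00, 0,0,0,0, 0,0,0,42,                 /* next=SA, v1.0, main mode, len */
    0x02, 0x00, 0x00, 0x08, 0xaa,0xbb,0xcc,0xdd,               /* payload: next=2, len=8 */
    0x00, 0x00, 0x00, 0x06, 0xee,0xff,                         /* payload: next=0, len=6 */
};
/* Constructed sample 2: payload length 2, smaller than its own 4-byte header. */
static const uint8_t PKT_SHORT_LEN[] = {
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0,0,0,0,0,0,0,0,
    0x01, 0x10, 0x02, 0x00, 0,0,0,0, 0,0,0,32,
    0x00, 0x00, 0x00, 0x02,                                    /* len=2: too small */
};
/* Constructed sample 3: payload claims 40 bytes but only 8 remain. */
static const uint8_t PKT_TRUNC[] = {
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0,0,0,0,0,0,0,0,
    0x01, 0x10, 0x02, 0x00, 0,0,0,0, 0,0,0,36,
    0x00, 0x00, 0x00, 0x28, 0xde,0xad,0xbe,0xef,               /* len=40: too large */
};

int main(void)
{
    const uint8_t *pkts[] = { PKT_OK, PKT_SHORT_LEN, PKT_TRUNC };
    size_t lens[] = { sizeof PKT_OK, sizeof PKT_SHORT_LEN, sizeof PKT_TRUNC };
    for (int i = 0; i < 3; i++) {
        struct walk_result u = walk_payloads_unchecked(pkts[i], lens[i]);
        struct walk_result c = walk_payloads_checked(pkts[i], lens[i]);
        printf("packet %d: unchecked payloads=%d overrun=%d | checked payloads=%d rejected=%d\n",
               i + 1, u.payloads, u.overrun, c.payloads, c.rejected);
    }
    return 0;
}
```

The point of the contrast is where the check sits: the hardened walker compares the declared length against both its own header size and the bytes that actually remain before touching any payload body, so a too-small or too-large length is skipped rather than driving an underflowed size into a read. Compiling the demo with a sanitizer (`-fsanitize=address`) and removing the simulated overrun guard from the unchecked walker is a quick way to see the real out-of-bounds read that Page Heap reports on Windows.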