Intrusion PreventionMS.Windows.Internet.Key.Exchange.Protocol.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Windows Server.
The vulnerability is due to improper handling of incoming packets when IKEEXT service is enabled on the machine. A remote attacker could exploit this vulnerability by sending a crafted ISAKMP packet to a target server. Successful exploitation could result in the execution of arbitrary commands.
Affected Products
Microsoft Windows 10 Version 1607
Microsoft Windows 10 Version 1809
Microsoft Windows 10 version 20H2
Microsoft Windows 10 version 21H1
Microsoft Windows 10 Version 21H2
Microsoft windows 11 arm64
Microsoft windows 11 x64
Microsoft windows 7 sp1
Microsoft windows 8.1
Microsoft windows RT 8.1
Microsoft windows server 2008 sp2
Microsoft windows server 2008 r2 sp1 x64
Microsoft windows server 2012
Microsoft windows server 2012 r2
Microsoft windows server 2016
Microsoft windows server 2019
Microsoft windows server 2022
Microsoft windows server 2022 azure
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 52447 |
| Created | Dec 20, 2022 |
| Updated | Jan 03, 2023 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 26.6% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Permission/Privilege/Access Control |