Remote Code Execution Vulnerability Found in Windows Internet Key Exchange

25-Nov-22

In particular, Cyfirma wrote that the vulnerability lies in the code used to handle the IKEv1 protocol, which is deprecated but compatible with legacy systems.The company has also clarified that while IKEv2 is not impacted, the vulnerability affects all Windows Servers because they accept both V1 and V2 packets, making the flaw critical.“A critical vulnerability has been identified in Microsoft Windows IKE Protocol Extensions,” reads the advisory.“This vulnerability affects unknown code of the IKE Protocol Extensions component, manipulation of which leads to remote code execution (RCE).”

Read More…