QID 376232

Date Published: 2022-01-12

QID 376232: Microsoft Windows Internet Key Exchange (IKE) Extension Multiple Vulnerabilities for January 2022

CVE-2022-21889,CVE-2022-21843,CVE-2022-21883,CVE-2022-21848,CVE-2022-21890: Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

Affected Versions
Windows IKE affected with the IPSec service running

QID Detection Logic(Authenticated):
This authenticated QID flags vulnerable systems by detecting

Successful exploitation of this vulnerability can lead to denial of service and execution of remote code, which may aid further attacks.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution
    Microsoft has released patch for updates pertaining these vulnerabilities. For more information, please check advisory.
    Software Advisories
    Advisory ID Software Component Link
    CVE-2022-21843 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21843
    CVE-2022-21848 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21848
    CVE-2022-21849 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21849
    CVE-2022-21883 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21883
    CVE-2022-21889 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21889
    CVE-2022-21890 URL Logo msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21890