VPN 电子邮箱

通知公告

    通知公告

    当前位置: 网站首页 -> 正文

    关于Windows IKE协议扩展远程代码执行漏洞(CVE-2022-34721)的预警提示

    信息来源: 发布日期:2022-12-07

    一、漏洞详情

    IKE协议属于一种混合型协议,由Internet安全关联和密钥管理协议(ISAKMP)和两种密钥交换协议OAKLEY与SKEME组成。

    近日,监测到Windows IKE协议扩展远程代码执行漏洞(CVE-2022-34721),该漏洞是通过向启用了IPSec的Windows节点发送特制IP数据包,在系统上执行任意代码。此漏洞仅影响启用了IPSec服务的Windows系统,该漏洞存在于KEv1协议(该协议已弃用,但与旧系统兼容)中的代码,但所有Windows服务器都会受到影响,因为它们同时接受V1和V2数据包,从而使该漏洞变得严重。

    建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻击。

    二、影响范围

    Windows Server 2022

    Windows 10 Version 21H1 for 32-bit Systems

    Windows 10 Version 21H1 for ARM64-based Systems

    Windows 10 Version 21H1 for x64-based Systems

    Windows Server 2019 (Server Core installation)

    Windows Server 2019

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2012 R2

    Windows Server 2012 (Server Core installation)

    Windows Server 2012

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

    Windows 10 Version 21H2 for x64-based Systems

    Windows 10 Version 21H2 for ARM64-based Systems

    Windows 10 Version 21H2 for 32-bit Systems

    Windows 11 for ARM64-based Systems

    Windows 11 for x64-based Systems

    Windows 10 Version 20H2 for ARM64-based Systems

    Windows 10 Version 20H2 for 32-bit Systems

    Windows 10 Version 20H2 for x64-based Systems

    Windows Server 2022 Azure Edition Core Hotpatch

    Windows Server 2022 (Server Core installation)

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows RT 8.1

    Windows 8.1 for x64-based systems

    Windows 8.1 for 32-bit systems

    Windows 7 for x64-based Systems Service Pack 1

    Windows 7 for 32-bit Systems Service Pack 1

    Windows Server 2016 (Server Core installation)

    Windows Server 2016

    Windows 10 Version 1607 for x64-based Systems

    Windows 10 Version 1607 for 32-bit Systems

    Windows 10 for x64-based Systems

    Windows 10 for 32-bit Systems

    三、修复建议

    目前官方已发布安全版本修复上述漏洞,建议受影响的用户升级至安全版本。

    下载链接:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721

    上一条:信息化建设与管理中心2023年寒假值班表

    下一条:关于Google Chrome代码执行漏洞(CVE-2022-2856)的预警提示

    地址:江苏省张家港市福新路1号    

    电话:0512-56730899