CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability

This issue is due to a lack of authentication in the Windows IKE v1.2 protocol. As a result, an unauthenticated attacker can establish a connection to a remote host and perform a denial-of-service attack. This vulnerability affects Windows 7, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016, Windows Storage Server 2016, Windows RT 8.1, Windows 10 Version 1803, Windows 10 Version 1607, Windows Server 2019, Windows Storage Server 2019, Windows 10 IoT Enterprise, Windows 10 Redstone 3, and Windows Server 2019. Cisco has released software updates that address this vulnerability for these operating systems. Cisco recommends that customers running Windows 7 and Windows 10 Version 1803 upgrade to Windows 10 Version 1803 or later.

Cisco has released software to address this vulnerability

Cisco has released software updates that address this vulnerability for the operating systems mentioned in the CVE. Cisco recommends customers upgrade to Windows 10 Version 1803 or later for Windows 7 and Windows 10 Version 1803 for Windows 10 Version 1803.

Vulnerability overview

This issue, CVE-2022-21890, is a vulnerability in the Windows IKE v1.2 protocol on supported versions of Windows that allows an unauthenticated attacker to establish a connection and perform a denial-of-service attack. This vulnerability affects Windows 7, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016, Windows Storage Server 2016, Windows RT 8.1, Windows 10 Version 1803, Windows 10 Version 1607 and later versions of the software running on these operating systems. Cisco has released software updates that address this vulnerability for these operating systems. Cisco recommends that customers running these operating systems upgrade to one of the following release versions:
Windows 10 Version 1803 or later
Windows 10 Version 1607 or later
Windows Storage Server 2016 or later
Windows RT 8.1 or later

IDS and NIDS for Windows

IDS and NIDS are designed to detect, analyze, and respond to malicious activity. IDS and NIDS use information from the networks, databases, applications and other sources to detect unusual activity and stop it before it's too late. In this case, if you're running Windows 7 or Windows 10 Version 1803, Cisco has released software updates that address this vulnerability. Cisco recommends that customers with these operating systems install the software updates as soon as possible.

Vulnerability Overview :

This vulnerability was reported as CVE-2022-21890 and affects Windows 7, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016, Windows Storage Server 2016, Windows RT 8.1, Windows 10 Version 1803, Windows 10 Version 1607, Windows Server 2019, Windows Storage Server 2019, and more. This vulnerability is due to a lack of authentication in the IKEv1.2 protocol. As a result of this issue the attacker can establish an unauthenticated connection with a remote host to perform a denial-of-service attack. Cisco has released software updates for these operating systems to address this vulnerability. They recommend that customers running versions of these operating systems upgrade to their most recent version.

Timeline

Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21890
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21890