关于Windows IKE协议扩展远程代码执行漏洞(CVE-2022-34721)的预警提示

发布时间:2022-12-02浏览次数:228

一、漏洞详情

IKE协议属于一种混合型协议,由Internet安全关联和密钥管理协议(ISAKMP)和两种密钥交换协议OAKLEYSKEME组成。

近日,监测到Windows IKE协议扩展远程代码执行漏洞(CVE-2022-34721),该漏洞是通过向启用了IPSecWindows节点发送特制IP数据包,在系统上执行任意代码。此漏洞仅影响启用了IPSec服务的Windows系统,该漏洞存在于KEv1协议(该协议已弃用,但与旧系统兼容)中的代码,但所有Windows服务器都会受到影响,因为它们同时接受V1V2数据包,从而使该漏洞变得严重。

建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻击。

二、影响范围

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

三、修复建议

目前官方已发布安全版本修复上述漏洞,建议受影响的用户升级至安全版本。

下载链接:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721

首页| 部门简介| 工作职责| 智慧校园| 计算机实验中心| 高性能计算| 信息安全| 政策法规| 正版软件| 服务指南
  • 版权所有 © 常州大学信息化建设与大数据处 Copy Right 2000-2022
    地址:江苏省常州市武进区滆湖路1号常州大学文彬楼   电话:0519 - 86330350   [管理登录]

    苏公网安备 32041202001161号