Background
On September 13, 2022, Microsoft disclosed and released an update for a remote code execution vulnerability, CVE-2022-34718, affecting the TCP/IP protocol. This communication protocol is used to interconnect devices on the Internet in services such as the World Wide Web or email.
Impact
The exploit works by sending a malformed IPv6 packet to a Windows node where IPSec is enabled. Successful exploitation could result in remote code execution, giving an attacker system-level privileges on that machine. We anticipate public exploit code will be released quickly for this vulnerability.
Platforms affected
This vulnerability impacts all Windows machines running IPv6 and IPSec.
Local observations
The UISO has not observed local attacks exploiting this vulnerability.
UISO recommendations
Microsoft delivered a patch for this vulnerability through its Security Monthly Quality Rollup. We recommend applying the patch as soon as possible in most situations. Several other critical vulnerabilities are patched in the same update. It can be applied via Windows Update or by finding the appropriate version of Windows in the update guide [1].
Workarounds
Disabling IPSec and/or IPv6 on the target machine removes the risk of exploitation. If these services are needed for the business function of the device, then applying the update is the only way to mitigate this vulnerability.
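The following PowerShell check is an added example, not part of the original advisory or Microsoft's guidance: it reports whether a host meets both conditions named above (IPv6 bound to an adapter and IPSec running) and whether any update has been installed since the disclosure date. It assumes "IPSec enabled" can be approximated by the PolicyAgent and IKEEXT services being in the Running state; the function name is hypothetical.

```powershell
# Added example: exposure check for the two conditions this advisory names.
# Assumption: "IPSec enabled" is approximated by the IPsec Policy Agent
# (PolicyAgent) or IKE/AuthIP keying (IKEEXT) service being Running.
$Disclosed = Get-Date '2022-09-13'   # release date stated in the advisory

function Get-TcpIpIpsecExposure {    # hypothetical helper name
    # Adapters that still have the IPv6 protocol component bound
    $ipv6Adapters = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue |
        Where-Object Enabled | Select-Object -ExpandProperty Name)

    # IPsec-related services currently running
    $ipsecServices = @(Get-Service -Name PolicyAgent, IKEEXT -ErrorAction SilentlyContinue |
        Where-Object Status -eq 'Running' | Select-Object -ExpandProperty Name)

    # Most recent installed update; InstalledOn can be empty, so filter first
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    $bothPresent = ($ipv6Adapters.Count -gt 0) -and ($ipsecServices.Count -gt 0)
    # Nothing installed since disclosure means the fix cannot be present.
    # The reverse is NOT proof of patching: confirm against the update guide.
    $noUpdateSince = (-not $latest) -or ($latest.InstalledOn -lt $Disclosed)

    $verdict = if (-not $bothPresent) {
        'IPv6 and IPSec are not both active on this host'
    } elseif ($noUpdateSince) {
        'Preconditions met and no update since disclosure: patch now'
    } else {
        'Preconditions met: verify the September 2022 rollup (or later) is installed'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        IPv6BoundAdapters   = $ipv6Adapters -join ', '
        IPsecServicesActive = $ipsecServices -join ', '
        LatestHotFix        = $latest.HotFixID
        LatestHotFixDate    = $latest.InstalledOn
        Verdict             = $verdict
    }
}

Get-TcpIpIpsecExposure | Format-List
```

Run it from an elevated PowerShell session on the host being assessed; the update check only rules out hosts that have received nothing since the release date.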