78ResearchLab recently published a proof of concept for a new exploit affecting almost all versions of Windows Server.
The vulnerability was found in the implementation of IKE version 1 extensions.
Despite version 2 being widely available and used, both v1 and v2 are accepted by default on Windows Servers. Successful exploitation of this vulnerability would lead to remote code execution (RCE) on the target server.
This may allow a malicious actor to read and modify sensitive information stored on the server and potentially use it as a pivot point in order to further compromise a network.
David Stubley, MD of 7 Elements, says:
“Patches should be applied as soon as possible in order to prevent compromise. There is a window of opportunity to patch as the POC is not easily usable, but with these things that is likely to change and become stable exploit code that can be used by lower-skilled malicious actors.”
Microsoft have released patches for supported versions of Windows and 7 Elements would recommend applying them as soon as possible.
Microsoft often releases patches on the second Tuesday of the month in what is known as “Patch Tuesday”. Allocating time to apply and test these patches every month is recommended.