CVE-2023-21758
Published 2023-01-10
CVE-2023-21758: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Priority P352 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 91.60% (99.8th percentile)
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.19685 | 10.0.10240.19685 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.5648 | 10.0.14393.5648 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.3887 | 10.0.17763.3887 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.3887 | 10.0.17763.3887 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.2486 | 10.0.19042.2486 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.2486 | 10.0.19044.2486 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.2486 | 10.0.19045.2486 |
| microsoft | windows_11 | — | — |
| microsoft | windows_11 | — | — |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.1455 | 10.0.22000.1455 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1105 | 10.0.22621.1105 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5648 | 10.0.14393.5648 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.3887 | 10.0.17763.3887 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1487 | 10.0.20348.1487 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_20h2 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability affects the Windows Internet Key Exchange (IKE) Extension, meaning detection should focus on anomalous or malformed IKE traffic targeting Windows systems (typically UDP port 500 and UDP port 4500 for NAT-T).
- Customer action is required and exploitation is assessed as 'Less Likely' for both latest and older software releases, but the vulnerability is publicly disclosed; prioritize patching and monitoring IKE/IPsec service availability on exposed Windows endpoints.
- Impact is Denial of Service against the Windows IKE Extension component; monitor for unexpected crashes or restarts of the IKE/IPsec service (ikeext.dll / IKEEXT service) on Windows hosts.
- No exploit code, hashes, malicious domains/IPs, or specific attack payloads are disclosed in the available sources. Operational IOCs cannot be extracted from the provided documentation.
- Remediation references point to multiple KB updates (KB5022286, KB5022291, KB5022282, KB5022287, KB5022303, KB5022297, KB5022289) covering different Windows versions; ensure the correct KB is applied per OS version.
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc · 7.5 HIGH
GHSA
GHSA-4r79-wrpg-4jmm: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
ghsa_unreviewed·2023-01-11·CVSS 7.5
CVE-2023-21683 [HIGH] GHSA-4r79-wrpg-4jmm: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21758.
GHSA
GHSA-qqg4-gm3f-2r2x: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
ghsa_unreviewed·2023-01-11·CVSS 7.5
CVE-2023-21758 [HIGH] GHSA-qqg4-gm3f-2r2x: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21683.
GHSA
GHSA-6rrv-6hm4-96q7: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
ghsa_unreviewed·2023-01-11·CVSS 7.5
CVE-2023-21677 [HIGH] GHSA-6rrv-6hm4-96q7: Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21683, CVE-2023-21758.
Microsoft
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
vendor_msrc·2023-01-10·CVSS 7.5
CVE-2023-21758 [HIGH] CWE-476 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows IKE Extension: Windows IKE Extension
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
Reference: https://support.microsoft.com/help/5022286
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
Reference: https://support.microsoft.com/help/5022282
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
Refe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-10
Published