Security Advisory - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2022-34718 Advisory)
Updated: Dec 28, 2022
A vulnerability was found in Microsoft Windows (Operating System).
It has been classified as critical. Affected is an unknown part of the component TCP/IP. Since the vulnerability was discovered recently, the full extent of its impact remains unknown. The weakness was presented on 09/13/2022 as confirmed security guidance.
This vulnerability is traded as CVE-2022-34718
The advisory is shared for download at portal.msrc.microsoft.com.
What is CVE-2022-34718
CVE-2022-34718 is a Windows TCP/IP Remote Code Execution Vulnerability.
This Critical-rated bug could allow a remote, unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction. That officially puts it into the “wormable” category. However, only systems with IPv6 enabled and IPSec configured are vulnerable.
How this vulnerability works
An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.
Affected products from this vulnerability