Archives for 2022

Windows Servers Vulnerable to IKE Exploit


Title: CVE-2022-34721

78ResearchLab recently published a proof of concept for a new exploit affecting almost all versions of Windows Server.

The vulnerability was found in the implementation of IKE version 1 extensions.

Despite version 2 being widely available and used, both v1 and v2 are accepted by default on Windows Servers. Successful exploitation of this vulnerability would lead to remote code execution (RCE) on the target server.

This may allow a malicious actor to read and modify sensitive information stored on the server and potentially use it as a pivot point in order to further compromise a network.

David Stubley, MD of 7 Elements says;

Patches should be applied as soon as possible in order to prevent compromise. There is a window of opportunity to patch as the POC is not easily usable, but with these things that is likely to change and become stable exploit code that can be used by lower skilled malicious actors.

 

Microsoft have released patches for supported versions of Windows and 7 Elements would recommend applying them as soon as possible.

Microsoft often releases patches on the second Tuesday of the month in what is known as “Patch Tuesday”. Allocating time to apply and test these patches every month is recommended.

REDCENTRIC ACQUIRES 7 ELEMENTS

Following the announcement that 7 Elements Ltd has been acquired by Redcentric, I wanted to introduce myself and Redcentric and let you know how this exciting development will further complement and expand the services 7 Elements currently delivers.

Redcentric is a managed service provider that delivers highly available network, cloud and collaboration solutions that help public and private sector organisations succeed. We’ve built the business through our owned multiple UK data centres, national 100Gb MPLS network and dual 24/7 network operation centres and can show a strong performance with revenues growing, strong profit margins and excellent cash generation. Our customers include HowdensHaysThe White CompanyChannel 4 and a number of NHS and public sector organisations including NHS Digital.

Our immediate focus is to maintain the high level of customer service that 7 Elements delivers today, providing a seamless experience for you. It’s important to us that we retain and build upon the knowledge, technical capability and high standards of service delivery that the 7 Elements team currently provides, as this was a key driver in our decision to acquire it.

Whilst 7 Elements is now a key part of the Redcentric group, enhancing our network, cloud and collaboration portfolio, it will continue to operate as a separate business entity and all current points of contact for you will remain.

Given our commitment to maintaining the high level of customer service, professionalism and capability that you are accustomed to, we’d love to hear from you and answer any questions you may have.

Please contact Redcentric on email@redcentricplc.com and we’ll come back to you as soon as we can.

Kind regards,

Peter Brotherton

CEO, Redcentric