Severity: Critical
A critical vulnerability has been disclosed affecting the Windows Internet Key Exchange (IKE) Service Extensions, impacting multiple Windows desktop and server operating systems commonly used across enterprise and financial infrastructure environments.
The vulnerability, tracked as CVE-2026-33824, is caused by a double free flaw (CWE-415) within the Windows IKE Extension. This issue could allow an unauthenticated remote attacker to execute arbitrary code by sending specially crafted network traffic to affected systems. Given the network-exposed nature of IKE services, exploitation could pose a significant risk to system integrity and availability.
As part of Beeks’ commitment to supporting operational resilience and cyber risk management, this advisory is intended to help organisations assess exposure and implement appropriate mitigations.
Affected Software:
- Windows 10 / 11
- Windows Server 2012, 2016, 2019, 2022, and 2025
Immediate Recommended Actions:
- An official fix is available. For customers who cannot immediately apply the update, Microsoft recommends blocking inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE, or restricting inbound traffic on those ports to known peer addresses only for systems that require IKE.
- The official Microsoft advisory is at msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824. Patching should be treated as high priority given the critical score and network-accessible attack surface.
Further Information:
For detailed information on the vulnerability, please refer to the following sources:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824
If you have any questions or require further assistance, please contact [email protected] or reach out to your Beeks account representative.
This advisory is issued to help ensure the security of your systems and prevent unauthorised access to sensitive data. Beeks remains committed to providing timely security information and support to safeguard your infrastructure.
Beeks will continue to monitor this and related vulnerabilities and provide updates through our Security Advisory Feed.
