📄 Description (English)
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
🤖 AI Executive Summary
CVE-2026-35424 is a memory leak vulnerability in Windows IKE Protocol (CWE-401) affecting multiple Windows 10 versions, with a CVSS score of 7.5. An unauthenticated attacker can exploit this over the network to cause denial of service by exhausting system memory. Currently, no patch is available, requiring immediate compensating controls in Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 18, 2026 08:37
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and critical infrastructure operators. VPN and IPSec implementations used by telecommunications providers (STC, Mobily) and energy sector (ARAMCO) are particularly vulnerable. Healthcare organizations using Windows-based VPN gateways and financial institutions relying on IKE for secure communications face potential service disruption. The memory exhaustion attack can impact availability of critical services without requiring authentication.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Utilities
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all Windows 10 systems (versions 1607, 1809, 21H2, 22H2) running IKE protocol or IPSec services
2. Disable IKE/IPSec services on non-critical systems until patch availability
3. Implement network segmentation to restrict IKE traffic to trusted sources only
4. Deploy rate limiting on IKE protocol handlers at firewall/gateway level
COMPENSATING CONTROLS:
5. Monitor Windows Event Viewer for IKE-related errors and memory pressure alerts
6. Implement memory usage thresholds with automated alerts for IKE processes
7. Configure firewall rules to limit IKE connections per source IP
8. Deploy IDS/IPS signatures to detect abnormal IKE traffic patterns
9. Schedule regular system restarts for affected systems to clear memory leaks
10. Consider alternative VPN solutions (non-Windows IKE implementations) for critical paths
DETECTION RULES:
- Monitor for sustained high memory consumption by ikeext.exe or rasplap.exe processes
- Alert on IKE protocol errors (Event ID 13000-13999 range)
- Track failed IKE SA establishment attempts from single source
- Monitor for rapid IKE connection attempts followed by disconnections
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع أنظمة Windows 10 (الإصدارات 1607، 1809، 21H2، 22H2) التي تشغل بروتوكول IKE أو خدمات IPSec
2. تعطيل خدمات IKE/IPSec على الأنظمة غير الحرجة حتى توفر التصحيح
3. تطبيق تقسيم الشبكة لتقييد حركة IKE للمصادر الموثوقة فقط
4. نشر تحديد معدل على معالجات بروتوكول IKE على مستوى جدار الحماية
الضوابط التعويضية:
5. مراقبة سجل أحداث Windows للأخطاء المتعلقة بـ IKE وتنبيهات ضغط الذاكرة
6. تطبيق حدود استخدام الذاكرة مع تنبيهات آلية لعمليات IKE
7. تكوين قواعد جدار الحماية لتحديد اتصالات IKE لكل عنوان IP مصدر
8. نشر توقيعات IDS/IPS للكشف عن أنماط حركة IKE غير الطبيعية
9. جدولة إعادة تشغيل منتظمة للأنظمة المتأثرة لمسح تسرب الذاكرة
10. النظر في حلول VPN بديلة (تطبيقات IKE غير Windows) للمسارات الحرجة
قواعد الكشف:
- مراقبة استهلاك الذاكرة المرتفع المستمر لعمليات ikeext.exe أو rasplap.exe
- تنبيهات أخطاء بروتوكول IKE (نطاق معرف الحدث 13000-13999)
- تتبع محاولات إنشاء IKE SA الفاشلة من مصدر واحد
- مراقبة محاولات اتصال IKE السريعة متبوعة بقطع الاتصالات
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Change management procedures
ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset management and vulnerability identification
SAMA CSF PR.IP-12 - System and information integrity
SAMA CSF DE.CM-1 - Detection and analysis
🟡 ISO 27001:2022
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.13.1.3 - Segregation of networks
ISO 27001:2022 A.8.1.1 - Inventory of assets
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.2 - Vulnerability scanning
📦 Affected Products / CPE 25 entries
microsoft:windows_10_1607
microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_21h2
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_10_22h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_11_25h2
microsoft:windows_11_26h1
microsoft:windows_11_26h1
microsoft:windows_server_2012:-
microsoft:windows_server_2012:r2
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025