In this excerpt of a TrendAI Research Services vulnerability report, Richard Chen and Lucas Miller of the TrendAI Research team detail a recently patched double free vulnerability in the Windows Internet Key Exchange (IKE) service. This bug was originally discovered by WARP & MORSE team at Microsoft. Successful exploitation could result in a crash of the IKEEXT service, or potentially arbitrary code execution. The following is a portion of their write-up covering CVE-2026-33824, with a few minimal modifications.
A double free vulnerability has been reported in the Windows Internet Key Exchange (IKEv2) service. The vulnerability is due to an error when processing fragments.
An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets to the target server. Successful exploitation could result in a crash of the IKEEXT service, or potentially arbitrary code execution.
The Vulnerability
Microsoft Windows is an operating system which includes both server and desktop components along with an easy-to-use GUI. All currently supported versions of Windows include Internet Key Exchange Protocol Extensions to support the Virtual Private Network (VPN) feature.
The VPN feature of Windows encrypts communication between hosts. ISAKMP is a negotiation protocol used by IPsec-enabled hosts to build a security association. It uses the Internet Key Exchange (IKE) Protocol in order to negotiate keys for encrypted communication. IKE has two versions: IKEv1 and IKEv2. IKE version 1 (IKEv1) and version 2 (IKEv2) messages have the following general format:
The type of payload is determined by the Next Payload header of the previous payload, or the Next Payload field in the header (in the case of the first payload).
IKEv2 supports message fragmentation as defined in RFC 7383. When IKEv2 messages exceed the path MTU, they may be split into multiple Encrypted Fragment payloads. Of interest to this report is the Encrypted Fragment (SKF) payload (type 0x35). The SKF payload format is defined as:
When an IKEv2 implementation receives fragments, it inserts each fragment into an ordered list and reassembles them once all fragments have been received. In the Windows implementation, the function IkeReinjectReassembledPacket() performs this reassembly.
A double-free vulnerability has been reported in the Windows IKE Extension library (ikeext.dll). The vulnerability is due to improper ownership handling of a heap-allocated blob pointer during IKEv2 fragment reassembly. During the IKE_SA_INIT exchange, a Security Realm Vendor ID payload causes IkeHandleSecurityRealmVendorId() to allocate a blob and store it in the MMSA (Main Mode Security Association) structure at offset 0x208. When a fragmented IKE_AUTH message is fully reassembled, IkeReinjectReassembledPacket copies MMSA fields at offsets 0x178 through 0x21F - including the blob pointer at 0x208 - into a local stack struct. This struct is then passed to IkeQueueRecvRequest, which shallow-copies it into a heap-allocated work item. While IkeQueueRecvRequest deep-copies the reassembly buffer at offset 0x10 in the struct, the Security Realm blob pointer at offset 0xC8 remains a shallow copy, aliasing the original at MMSA+0x208.
When the thread pool processes the queued work item, IkeDestroyPacketContext checks the blob pointer at offset 0xC8 and calls WfpMemFree to release it (first free). The MMSA structure still holds the original pointer to the same allocation at offset 0x208. When the MMSA is subsequently cleaned up through IkeCleanupMMNegotiation, the SA reference count is decremented via IkeDerefMMSA, eventually triggering IkeFreeMMSA, which frees the blob pointer at MMSA offset 0x208 - the same allocation already freed by IkeDestroyPacketContext (second free).
A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted IKE_SA_INIT message followed by two or more Encrypted Fragment (SKF) payloads containing an invalid IKE_AUTH message to the target server. The fragment reassembly path will shallow-copy the blob pointers, and the subsequent MMSA cleanup will trigger the double free. Successful exploitation could result in arbitrary code execution under the security context of the IKEEXT service (SYSTEM).
Source Code Walkthrough
The following code snippets were taken from IKEEXT.DLL file version 10.0.20348.2849 and decompiled with IDA Pro version 8.3. Comments added by TrendAI have been highlighted.
Detection Guidance
To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on UDP ports 500 and 4500. The IKE general format, Payloads field, and the Encrypted Fragment (SKF) payload format can be seen above.
The detection device should monitor all incoming IKE traffic. Detection requires correlating two packets within the same IKE session: an IKE_SA_INIT request carrying the Microsoft Security Realm Vendor ID, followed by a fragmented IKE_AUTH request. Neither packet alone is malicious; both must be observed in sequence from the same source.
IKE_SA_INIT
At byte offset 17 of the UDP payload, the device should check for the three-byte sequence 20 22 08, which corresponds to the IKEv2 version identifier (0x20), the IKE_SA_INIT exchange type (0x22), and the Initiator flag (0x08). The device should then scan the remainder of the packet for the 16-byte sequence 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8, which is the Microsoft Security Realm Vendor ID. If both conditions are met, the device should follow the guidance below.
IKE_AUTH
For subsequent packets from the same source, the device should check bytes at offset 16 through 23 of the UDP payload. At offset 16, the four-byte sequence 35 20 23 08 identifies an Encrypted Fragment payload (SKF, type 0x35), IKEv2 version (0x20), IKE_AUTH exchange type (0x23), and Initiator flag (0x08). If found, the detection device should inspect offset 20 and search for the four-byte sequence00 00 00 01. If found the traffic should be considered malicious; an attack exploiting this vulnerability is likely underway.
Notes
• All multi-byte values should be treated as big endian.
• When detecting traffic on port 4500, IKE packets are prepended by a 4-byte non-ESP marker (\x00\x00\x00\x00), shifting all IKE header content offsets by 4.
Conclusion
This vulnerability was patched by Microsoft in the April 2026 release cycle. They do note two mitigations that could prevent exploitation while the patch is being tested and deployed.
· Block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE.
· For systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.
These mitigations may be removed once the security patch is applied. The only way to fully remediate the vulnerability is to apply the update from the vendor.
Special thanks to Richard Chen and Lucas Miller of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services please visit https://go.trendmicro.com/tis/vulnerabilities.html.
The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.
