Intrusion PreventionMS.Windows.DHCPv6.ParseDhcpv6Options.Code.Execution
Description
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft Windows Server
A remote attacker on the same network segment as the victim can exploit this vulnerability by setting up a rogue DHCPv6 server and responding to DHCPv6 requests with malicious DHCPv6 reply messages. Successful exploitation will result in the attacker being able to run arbitrary code with administrative privileges on the target system.
Affected Products
Microsoft Windows 10 version 1803
Microsoft Windows 10 Version 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server version 1803 (Server Core Installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0698
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-11-22 | 15.729 | Name:Microsoft. Windows. DHCPv6. ParseDhcpv6Options. Code. Execution:MS. Windows. DHCPv6. ParseDhcpv6Options. Code. Execution |
| 2019-04-26 | 14.602 | Default_action:pass:drop |
| 2019-04-17 | 14.596 |
| ID | 47729 |
| Created | Apr 17, 2019 |
| Updated | Oct 25, 2021 |
| Risk |
|
| CVE ID | CVE-2019-0698 |
| Exploit Prediction Score | 90.18% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |