MS.Windows.DHCP.Server.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Windows Server.
A remote attacker on the same local network can exploit this vulnerability by sending a large number of DHCP messages a in order to trigger a race condition. Successful exploitation could result in the execution of arbitrary code as SYSTEM, and unsuccessful exploitation could result in denial of service conditions on the target service.
Affected Products
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0725
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |