Arbitrary code execution in Windows Server DHCP

Published: 2017-09-12 22:38:32 | Updated: 2017-09-12 22:45:04
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2017-8686
Exploitation vector Local network
Public exploit Not available
Vulnerable software Windows Server
Vulnerable software versions Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Vendor URL Microsoft

Security Advisory

1) Improper input validation


The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists in the Windows Server DHCP service due to improper validation of user-supplied input. An adjacent attacker can send specially crafted packets to a DHCP failover server and run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.

Successful exploitation of this vulnerability may result in system compromise.


Install updates from vendor's website.

External links

Back to List