Multiple vulnerabilities in Microsoft Windows DHCP server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-1206 CVE-2019-1212 CVE-2019-1213 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Server Operating systems & Components / Operating system Windows Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU20202
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1206
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. A remote attacker can send a specially crafted request to the affected service, trigger memory corruption and perform denial of service attack.
Note, the DHCP server must be set to failover mode for the attack to succeed.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows Server: 2012 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU20203
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1212
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error the Windows Server DHCP service when processing DHCP packets. A remote attacker can create specially crafted DHCP packets to the affected service, trigger memory corruption and perform denial of service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1903 10.0.18362.116
Windows Server: 2008 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1212
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU20204
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1213
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error the Windows Server DHCP service when processing DHCP packets. A remote attacker can send specially crafted DHCP packets to the affected service, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2008
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
