CVE-2017-8686Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Server 2012

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
9.8CRITICALNVD
EPSS
8.1%
top 7.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Windows Server 2012Msrc Windows Server 2012Msrc Windows Server 2012 R2+1 more
Timeline
PublishedSep 13
Latest updateMay 17

Description

The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-27h2-vr79-q7cq: The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHC2022-05-17

📋Vendor Advisories

1
Microsoft
Windows DHCP Server Remote Code Execution Vulnerability2017-09-12

🕵️Threat Intelligence

4
Talos
Microsoft Patch Tuesday - September 20172017-09-12
Qualys
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches2017-09-12
Talos
Microsoft Patch Tuesday - September 20172017-09-12
Qualys
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches | Qualys2017-09-12

💬Community

1
Bugzilla
CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple 2016-10-17