CVE-2017-8686
published 2017-09-13

Priority P263 · critical · 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 27.50% (97.8th percentile)
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | | |
| msrc | windows_server_2012 | | |
| msrc | windows_server_2012_r2 | | |
| msrc | windows_server_2016 | | |

Detection & IOCs

  • Target service is Windows Server DHCP — attack requires DHCP failover mode to be enabled; monitor for specially crafted packets sent to DHCP failover servers
  • Trigger condition is memory corruption in the DHCP service via malformed network packets; anomalous or malformed DHCP packets directed at failover-configured servers should be flagged
  • Affected component is explicitly 'Windows DHCP Server' on Windows Server 2012 Gold, R2, and Windows Server 2016 — scope detection/alerting to these OS versions running the DHCP Server role
  • Observable impact includes DHCP service becoming nonresponsive — sudden DHCP service crashes or hangs on failover-configured servers may indicate exploitation attempts
  • Exploitation is only possible when the DHCP server is configured in failover mode — servers NOT in failover mode are not affected and do not require the same urgency of patching
  • Microsoft assessed exploitation as 'Less Likely' for both latest and older software releases at time of disclosure, and confirmed no known active exploitation or public exploit code

CVSS provenance

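| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | | 9.8 | CRITICAL | |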