CVE-2019-0547
published 2019-01-08CVE-2019-0547: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP…
PriorityP270critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
71.36%
99.3th percentile
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector requires attacker to send specially crafted DHCP responses to a target Windows DHCP client; monitor for anomalous or malformed DHCP response packets on the network targeting Windows 10 / Windows 10 Server hosts ↗
- ·At time of disclosure, the vulnerability had not been publicly disclosed or actively exploited in the wild ↗
- ·The patch (KB4480966) corrects how Windows DHCP clients handle certain DHCP responses; patching is the primary mitigation ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows DHCP Client Remote Code Execution Vulnerability
vendor_msrc·2019-01-08·CVSS 9.8
CVE-2019-0547 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Client Remote Code Execution Vulnerability
Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Windows DHCP Client: Windows DHCP Client
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q
GHSA
GHSA-6cwf-wg9f-5wqv: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows
ghsa_unreviewed·2022-05-13
CVE-2019-0547 [CRITICAL] CWE-787 GHSA-6cwf-wg9f-5wqv: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.
No detection rules found.
No public exploits indexed.
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Sfruttamento vulnerabilità
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Ausnutzung von Schwachstellen
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notab
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research 2019/01/09 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits y vulnerabilidades
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Krebs
Patch Tuesday, January 2019 Edition
blogs_krebs·2019-01-09·CVSS 7.5
[HIGH] Patch Tuesday, January 2019 Edition
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.
The updates released Tuesday affect Windows, Internet Explorer and Edge , Office , Sharepoint , .NET Framework and Exchange . Patches are available for all client and server versions of Windows, but none of the “critical” flaws — those that can lead to a remote system compromise without any help from users — apply to Windows 7 or Windows 8.1 , according to Martin Brinkmann at Ghacks.net .
Mercifully, none of the vulnerabilities fixed in T
Krebs
Patch Tuesday, January 2019 Edition
blogs_krebs·2019-01-09·CVSS 7.5
CVE-2019-0579 [HIGH] Patch Tuesday, January 2019 Edition
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.
Mercifully, none of the vulnerabilities fixed in Tuesday’s bundle are being actively exploited, although one (CVE-2019-0579) was publicly disclosed prior to the patch release, meaning attackers may have had a head start figuring out how to exploit it. This bug is one of 11 that Microsoft fixed in its Jet Database Engine.
Among the more eyebrow-raising flaws fixed this week is CVE-2019-0547, a weakness in the Windows component responsible
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
# January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research
Jan 09, 2019
Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable o
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
# January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research
2019/01/09
Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of
CAPEC
DHCP Spoofing
mitre_capec
[HIGH] DHCP Spoofing
CAPEC-697: DHCP Spoofing
An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.
Execution Flow:
Step 1 [Explore]: [Determine Exsisting DHCP lease] An adversary observes network traffic and waits for an existing DHCP lease to expire on a target machine in the LAN.
Technique: Adversary observes LAN traffic for DHCP solicitations
Step 2 [Experiment]: [Capture the DHCP DISCOVER message] The adversary captures "DISCOVER" messages and crafts "OFFER" responses for the identified target MAC address. The success of this attack centers on the capturing of and responding to these "DISCOVER" messages.
Technique: Adversary captures and responds to DHCP "DISCOVER" mess
2019-01-08
Published