CVE-2019-0726
published 2019-04-09

Priority: P270
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 54.04% (98.9th percentile)
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.

Affected

20 ranges

Vendor | Product | Version range | Fixed in
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows_10 | |
microsoft | windows_10 | |
microsoft | windows_server | |
microsoft | windows_server | |
microsoft | windows_server | |
microsoft | windows_server_2016 | |
msrc | windows_10_version_1803_for_32-bit_systems | |
msrc | windows_10_version_1803_for_arm64-based_systems | |
msrc | windows_10_version_1803_for_x64-based_systems | |
msrc | windows_10_version_1809_for_32-bit_systems | |
msrc | windows_10_version_1809_for_arm64-based_systems | |
msrc | windows_10_version_1809_for_x64-based_systems | |
msrc | windows_server_2019 | |
msrc | windows_server_version_1803 | |

Detection & IOCs

  • Vulnerability is triggered via specially crafted DHCP responses sent to a Windows DHCP client; monitor for anomalous or malformed DHCP response traffic targeting clients
  • Attack vector is network-based (DHCP response), meaning a malicious DHCP server or on-path attacker on the same network segment could exploit this; inspect DHCP response packets for malformed/unexpected option fields
  • Target component is the Windows DHCP Client service; alert on unexpected crashes or memory corruption events in the DHCP client process (dhcpcsvc.dll / svchost hosting DHCP)
  • At the time of the advisory, exploit status was "Publicly disclosed: No" and "Exploited: No"; exploitation was assessed as 'Less Likely' for both the latest and older software releases
  • This CVE is distinct from but related to CVE-2019-0697 and CVE-2019-0698, which are also Windows DHCP Client RCE vulnerabilities; ensure detections cover all three

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc | | 9.8 | CRITICAL |