CVE-2019-0726
Published 2019-04-09
Priority P2 · 70 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 54.04% (98.9th percentile)
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by specially crafted DHCP responses sent to a Windows DHCP client; monitor for anomalous or malformed DHCP response traffic targeting clients.
- The attack vector is network-based (DHCP response), so a malicious DHCP server or an on-path attacker on the same network segment could exploit it; inspect DHCP response packets for malformed or unexpected option fields.
- The target component is the Windows DHCP Client service; alert on unexpected crashes or memory corruption events in the DHCP client process (dhcpcsvc.dll / svchost hosting DHCP).
- At the time of the advisory the vulnerability was neither publicly disclosed nor exploited; exploitation was assessed as 'Less Likely' for both the latest and older software releases.
- This CVE is distinct from but related to CVE-2019-0697 and CVE-2019-0698, which are also Windows DHCP Client RCE vulnerabilities; ensure detections cover all three.
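CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 9.8 | CRITICAL | — |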
GHSA
GHSA-xfvv-5229-rm3v
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
CVE-2019-0726 [CRITICAL] CWE-787
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.
GHSA
GHSA-c773-95pr-cwwc
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
CVE-2019-0698 [CRITICAL] CWE-787
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.
GHSA
GHSA-4p2v-3qr6-pv3r
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
CVE-2019-0697 [CRITICAL] CWE-787
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.
Microsoft
Windows DHCP Client Remote Code Execution Vulnerability
vendor_msrc · 2019-03-12 · CVSS 9.8
CVE-2019-0726 [CRITICAL]
Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Windows DHCP Client: Windows DHCP Client
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.micros
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.