CVE-2019-1213
Published 2019-08-14
CVE-2019-1213: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who…
Priority P259 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.25% (89.8th percentile)
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.
To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.
The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < publication | publication |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
Detection & IOCs (extracted from sources)
- Target service is Windows Server DHCP; monitor for specially crafted/malformed packets sent to the DHCP server as the attack vector
- Attack is network-based and unauthenticated — no prior access required; DHCP server exposure on the network is sufficient for exploitation
- Exploitation results in memory corruption leading to arbitrary code execution on the DHCP server; alert on unexpected process spawning from the DHCP service (dhcpserver.exe)
- As of advisory publication, the vulnerability had not been publicly disclosed or observed exploited in the wild, reducing immediate threat urgency but not eliminating risk
- Exploitation likelihood for older software releases is rated 'Less Likely'; no exploitation rating provided for latest software release
CVSS provenance
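| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 9.8 | CRITICAL | — |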
Microsoft
Windows DHCP Server Remote Code Execution Vulnerability
vendor_msrc·2019-08-13·CVSS 9.8
CVE-2019-1213 [CRITICAL] Windows DHCP Server Remote Code Execution Vulnerability
Description: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.
To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.
The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: N/A; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/s
GHSA
GHSA-7j2x-4f39-6gwm: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Wi
ghsa_unreviewed·2022-05-24
CVE-2019-1213 [CRITICAL] CWE-787 GHSA-7j2x-4f39-6gwm: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Wi
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
No detection rules found.
Qualys
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
blogs_qualys·2019-08-13·CVSS 9.8
[CRITICAL] August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities
This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.
## Workstation Patches
Scripting Engine, Browser, Office, Graphics/Font, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical,” 65 that are considered “important” and one “moderate.”
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
### Critical vulnerabilities
Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote De
Tenable
Tenable Roundup for Microsoft’s August 2019 Patch Tuesday: DejaBlue
blogs_tenable·2019-08-13
Published: 2019-08-14