Home Tech News Windows 10 DHCP vulnerability

Windows 10 DHCP vulnerability

- Advertisement -

A pair of vulnerabilities in the DHCP client in Windows 10 and Windows Server 2019 allows attackers to execute code remotely, according to researchers at security firm Positive Technologies. DHCP is used on wired and wireless networks to assign IP addresses and other network configuration information.

“An attacker configures a DHCP server on their computer. The server responds to network configuration requests with malformed packets. On some networks, this attack is possible from a mobile phone or tablet,” Positive Technologies researcher Mikhail Tsvetkov said in a press release. “Then the attacker waits for a vulnerable Windows 10 computer to ask for a renewal of its IP address lease, which usually happens every few hours. By sending this invalid response, the attacker can obtain the rights of an anonymous user on the victim computer.”

- Advertisement -

Exploitation at this stage is still challenging for attackers, as anonymous users have limited system privileges, preventing access to system folders, the Windows registry, and modifying other user and system processes. It does, however, provide a useful entry point for continued escalation by pairing with other vulnerabilities.

Nominally, attackers must be on the same network as the targeted system, though for organizations where DHCP Relay is used to use external DHCP servers, this limitation can be bypassed.

The pair of vulnerabilities, designated as CVE-2019-0697 and CVE-2019-0726, rely on sending “an abnormally large number of options in the DHCP response,” and a specially-crafted list of DNS suffixes, respectively. The vulnerabilities were patched in the March 2019 Patch Tuesday round of security updates.

alltechng
Technology is making life more meaningful, improves productivity... We are tech lovers...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

Samsung’s AirDrop alternative

Android 10 killed Android Beam, but makers don’t seem happy with Google’s proposed replacement. Samsung is expected to unveil its own alternative, Quick Share, at...

vivo to introduce two iQOO phones

vivo officially announced today that it will expand its iQOO brand to India. In an interview with The Mobile Indian, the marketing director of iQOO...
video

FIX Unable to Install Update IOS 13 – An Error Occurred While Installing IOS

FIX Unable to Install Update IOS 13 - An Error Occurred While Installing IOS 13

Google I/O 2020 scheduled

Google is set to host its annual I/O developer conference between May 12 -14. The big event will take place at Shoreline Amphitheatre located...
video

iPhone Won’t Download Apps? Try These 9 Easy Fixes! – iOS 11 (2018)

iPhone Won't Download Apps? Try These 9 Easy Fixes! - iOS 11