Home Tech News Windows 10 DHCP vulnerability

Windows 10 DHCP vulnerability

- Advertisement -

A pair of vulnerabilities in the DHCP client in Windows 10 and Windows Server 2019 allows attackers to execute code remotely, according to researchers at security firm Positive Technologies. DHCP is used on wired and wireless networks to assign IP addresses and other network configuration information.

“An attacker configures a DHCP server on their computer. The server responds to network configuration requests with malformed packets. On some networks, this attack is possible from a mobile phone or tablet,” Positive Technologies researcher Mikhail Tsvetkov said in a press release. “Then the attacker waits for a vulnerable Windows 10 computer to ask for a renewal of its IP address lease, which usually happens every few hours. By sending this invalid response, the attacker can obtain the rights of an anonymous user on the victim computer.”

- Advertisement -

Exploitation at this stage is still challenging for attackers, as anonymous users have limited system privileges, preventing access to system folders, the Windows registry, and modifying other user and system processes. It does, however, provide a useful entry point for continued escalation by pairing with other vulnerabilities.

Nominally, attackers must be on the same network as the targeted system, though for organizations where DHCP Relay is used to use external DHCP servers, this limitation can be bypassed.

The pair of vulnerabilities, designated as CVE-2019-0697 and CVE-2019-0726, rely on sending “an abnormally large number of options in the DHCP response,” and a specially-crafted list of DNS suffixes, respectively. The vulnerabilities were patched in the March 2019 Patch Tuesday round of security updates.

HTML Image as link Qries
alltechng
Technology is making life more meaningful, improves productivity... We are tech lovers...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

video

Major iPhone 12 Leaks! MAGNETS, New Camera, Same Notch & More!

Major iPhone 12 Leaks! MAGNETS, New Camera, Same Notch & More! More Major iPhone 12 Pro Leaks! Built in MAGNETS, new camera orientation revealed, display...
video

New Apple 27-inch iMac Reactions! Plus, iOS 14 beta 4 gets new features

New Apple 27-inch iMac Reactions! Plus, iOS 14 beta 4 gets new features...
video

Samsung Galaxy Note 20 Ultra: So much left to say!

Samsung Galaxy Note 20 Ultra: So much left to say!
video

My Google Pixel 4a Review!

My Google Pixel 4a Review!
video

Google Pixel 5 Launch Date LEAKED… by Google!

Google Pixel 5 Launch Date LEAKED... by Google!... we have some deals on the Galaxy Book Flex, MacBook Pros and more. MediaTek is partnering up...
error: Alltechng Content is protected !!