Windows DHCP Client Remote Code Execution Vulnerability

Published: 09/01/2019

Reference:
Advisory # 2019-001

Version:
1.0

Affected software:
Windows DHCP Client

Type:
Memory corruption vulnerability

CVE/CVSS:
CVE-2019-0547

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0547

Risks

Arbitrary code could be run on the client machine when the vulnerability is successfully exploited.

Description

CVE-2019-0547: Windows DHCP Client Remote Code Execution Vulnerability
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.

To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.

The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.

Recommended Actions

Check your software versions against the Security Updates list in the Microsoft MSRC publication and install the security updates recommended for your product as soon as possible.

More Information

https://nvd.nist.gov/vuln/detail/CVE-2019-0547

A complete description and the security update list are available here:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0547