Intrusion Prevention

MS.Windows.DHCP.Server.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Windows Server.
A remote attacker on the same local network can exploit this vulnerability by sending a large number of DHCP messages a in order to trigger a race condition. Successful exploitation could result in the execution of arbitrary code as SYSTEM, and unsuccessful exploitation could result in denial of service conditions on the target service.

Affected Products

Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0725

CVE References

CVE-2019-0725