PT-2017-2915 · Microsoft · Windows Server+1

Published

2017-09-11

Updated

2017-09-19

CVE-2017-8686

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Server versions 2012 Gold and R2 through 2016

Description The issue is caused by a memory corruption vulnerability in the Windows Server DHCP service, allowing an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. This can be exploited by remote attackers to execute arbitrary code and affect the system.

Recommendations For Windows Server 2012 Gold and R2, and Windows Server 2016, update to a version that includes the fix for the memory corruption vulnerability in the Windows Server DHCP service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2017-02240

CVE-2017-8686

Affected Products

Windows

Windows Server

PT-2017-2915 · Microsoft · Windows Server+1

CVE-2017-8686

Weakness Enumeration

Related Identifiers

Affected Products

References · 8