Intrusion PreventionMW.DHCP.Client.DhcpExtractFullOptions.Code.Execuction
Description
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft Windows Server
A remote attacker on the same network segment as the victim can exploit this vulnerability by setting up a rogue DHCP server and responding to DHCP requests with malicious DHCP reply messages. Successful exploitation could potentially result in the attacker being able to run arbitrary code with administrative privileges on the target system.
Affected Products
Microsoft Windows 10 version 1803
Microsoft Windows 10 Version 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server version 1803 (Server Core Installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0697
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-07-03 | 14.642 | Sig Added |
| 2019-05-01 | 14.605 | Default_action:pass:drop |
| 2019-04-23 | 14.598 |
| ID | 47764 |
| Created | Apr 23, 2019 |
| Updated | Jul 02, 2019 |
| Risk |
|
| CVE ID | CVE-2019-0697 |
| Exploit Prediction Score | 90.18% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |