by: John Simpson (Vulnerability Researcher)
May’s Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the “wormable” Windows Terminal Services vulnerability (CVE-2019-0708). However, there’s another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server. It’s worth noting that DHCP-related vulnerabilities are drawing more attention in Patch Tuesdays this year. An example is a different RCE flaw (CVE-2019-0626) that was patched in the DHCP server last February.
CVE-2019-0725 doesn’t require user interaction, and affects all versions of Windows Server. How bad — and exploitable — is CVE-2019-0725, exactly?
CVE-2019-0725’s ImpactMicrosoft’s CVSS 3.0 rating for CVE-2019-0725 has a base score of 8.1. A successful attack would allow system-level code execution, as shown by the high Confidentiality, Integrity, and Availability impact ratings. The severity of the vulnerability across all versions of Windows Server is rated as critical. Additionally, there are no privileges required to mount a successful attack.
However, its Attack Complexity rating is high, which means there is likely a major factor of the vulnerability that is not fully under an attacker’s control. In this case, that rating is due at least in part to the fact that the vulnerability is a analysis exploitability