Windows DHCP Remote Code Execution Vulnerability (CVE-2023-28231)
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information, such as subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on the Bootstrap Protocol (BOOTP), which shares many implementation details with DHCP. DHCP allows a host to obtain required TCP/IP configuration information from a DHCP server.
Recently, researchers at Cyber Kunlun Labs reported to Microsoft a DHCP Server remote code execution CVE-2023-28231, which was designated as a high-risk vulnerability. This vulnerability has been fixed by the official patch on Microsoft's April 2023 patch day.
After analysis, the attacker sends a malicious DHCP packet to the target user, and then the attacker can perform remote code execution on the remote DHCP server
It is worth noting that Microsoft's official announcement pointed out that this vulnerability is an RPC vulnerability that requires authentication before it can be exploited. However, after analysis by Cyber Kunlun researchers, it is actually a protocol vulnerability that does not require any authentication.
Vulnerability name | Windows DHCP Remote Code Execution Vulnerability |
CVE ID | CVE-2023-28231 |
Vulnerability Type | Remote Code Execution |
Severity | Critical |
Affected Products
- Windows Server 2008 for 32-bit Systems Service Pack 2Microsoft Outlook 2013 Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server 2022
- Windows Server 2022 (Server Core installation)
Repair suggestion
At present, the official has issued a fix for the issue, recommending that affected users upgrade to a safe version as soon as possible.