The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Windows: changing configuration via DHCP INFORM

Synthesis of the vulnerability 

An attacker can reply to DHCP INFORM queries of Windows, in order to alter its configuration.
Impacted software: Windows 2000, Windows 2003, Windows XP.
Severity of this computer vulnerability: 2/4.
Creation date: 30/05/2014.
References of this announcement: VIGILANCE-VUL-14818.

Description of the vulnerability 

The DHCP INFORM message is used by a client to ask a DHCP server for additional configuration information (WPAD, DNS, router, etc.).

The DHCP client of Windows implements DHCP INFORM. However, it does not check whether replies come from the DHCP server.

An attacker can therefore reply to DHCP INFORM queries of Windows, in order to alter its configuration.
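
One way to detect the condition described above on a monitored LAN segment, as an added example that is not part of the original bulletin: parse captured DHCP payloads and flag any DHCPACK that answers a DHCPINFORM but whose source address or server identifier (option 54) is outside an allowlist of known DHCP servers. The function names, the allowlist and the sample packets are assumptions constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"              # DHCP magic cookie (RFC 2131)
INFORM, ACK = 8, 5                       # option 53 message types
WATCHED = {3: "router", 6: "dns", 252: "wpad"}   # settings the bulletin names

def parse_dhcp(payload):
    """Return (xid, {option: value}) for a DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid, opts, i = int.from_bytes(payload[4:8], "big"), {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad option
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                              # truncated option
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return xid, opts

def find_rogue_inform_replies(packets, authorized):
    """Flag ACKs that answer a seen INFORM but do not come from an authorized server."""
    pending, alerts = set(), []
    for src, payload in packets:                     # (source IP, UDP payload)
        parsed = parse_dhcp(payload)
        if parsed is None:
            continue
        xid, opts = parsed
        mtype = (opts.get(53) or b"\x00")[0]
        if mtype == INFORM:
            pending.add(xid)
        elif mtype == ACK and xid in pending:
            sid = opts.get(54, b"")                  # option 54 = server identifier
            server_id = socket.inet_ntoa(sid) if len(sid) == 4 else None
            if src not in authorized or server_id not in authorized:
                alerts.append((src, xid, sorted(WATCHED[c] for c in opts if c in WATCHED)))
    return alerts

def build_msg(xid, mtype, extra=b""):                # constructed sample packet builder
    head = bytes([1 if mtype == INFORM else 2, 1, 6, 0]) + xid.to_bytes(4, "big")
    return head + bytes(228) + MAGIC + bytes([53, 1, mtype]) + extra + b"\xff"

WPAD = b"http://wpad.example/wpad.dat"               # constructed value
SAMPLE = [                                           # constructed capture
    ("192.0.2.50", build_msg(0x1111, INFORM)),
    ("192.0.2.1", build_msg(0x1111, ACK, bytes([54, 4, 192, 0, 2, 1, 6, 4, 192, 0, 2, 1]))),
    ("192.0.2.66", build_msg(0x1111, ACK, bytes([54, 4, 192, 0, 2, 66, 252, len(WPAD)]) + WPAD)),
]
```

Calling `find_rogue_inform_replies(SAMPLE, {"192.0.2.1"})` reports only the third packet, together with the settings it tried to push.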

This computer vulnerability announcement impacts software or systems such as Windows 2000, Windows 2003, Windows XP.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is medium.

The trust level is of type unique source, with an origin of LAN.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this threat alert.

Solutions for this threat 

Windows: workaround for DHCP INFORM.
A workaround is to edit the registry:
  HKLM\SYSTEM\CCS\Services\TCP\Interfaces\[all directories]
  UseInform : DWORD : 0
