Microsoft Windows Deployment Services TFTP Server Arbitrary Code Execution Vulnerability



A vulnerability in the Windows Deployment Services TFTP Server component of Microsoft Windows could allow an authenticated, remote attacker to escalate privileges on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software when handling requests. An attacker could exploit the vulnerability by sending a request that submits malicious input to the affected system. A successful exploit could allow the attacker to execute arbitrary code and compromise the system completely.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-0603

Source:: Cisco Multivendor Vulnerability Alerts