Reported December 14, 2004, by Microsoft
· Microsoft Windows NT Server 4.0 Service Pack 6a
· Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Two vulnerabilities exist in DHCP, the more serious of which could result in the execution of arbitrary code on the vulnerable system. A potential attacker who successfully exploited the more severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft has released Security Bulletin MS04-042, "Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by Kostya Kortchinsky from CERT RENATER.