CVE-2026-50370
Microsoft · Windows DHCP Server
A heap-based buffer overflow in the Windows DHCP Server allows an unauthenticated, adjacent attacker to achieve remote code execution.
Executive summary
A heap-based buffer overflow in Windows DHCP Server allows unauthenticated, adjacent attackers to execute arbitrary code, creating a critical risk of system takeover.
Vulnerability
The vulnerability is a heap-based buffer overflow caused by improper input validation. It is exploitable by an unauthenticated attacker located on an adjacent network, such as the same local network segment.
Business impact
The ability for an unauthenticated attacker to execute code on a network server represents a critical threat to infrastructure security. With a CVSS score of 8.8, this vulnerability could lead to a complete compromise of the DHCP service, potentially facilitating man-in-the-middle attacks or further lateral movement within the network.
Remediation
Immediate Action: Update all affected Windows Server instances immediately using the security patches referenced in the Microsoft MSRC update guide.
Proactive Monitoring: Monitor network traffic for unusual DHCP handshake activity or unexpected crash reports associated with the DHCP service process.
Compensating Controls: Restrict network access to DHCP servers to trusted segments only and utilize host-based firewalls to minimize the attack surface.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Immediate patching is required for all Windows Server environments running the DHCP role. Administrators should treat this as a high-priority update to prevent potential remote code execution by unauthorized actors within the local network perimeter.