CVE-2026-50370

Microsoft · Windows DHCP Server

A heap-based buffer overflow in the Windows DHCP Server allows an unauthenticated, adjacent attacker to achieve remote code execution.

Executive summary

A heap-based buffer overflow in Windows DHCP Server allows unauthenticated, adjacent attackers to execute arbitrary code, creating a critical risk of system takeover.

Vulnerability

The vulnerability is a heap-based buffer overflow caused by improper input validation. It is exploitable by an unauthenticated attacker located on an adjacent network, such as the same local network segment.

Business impact

The ability for an unauthenticated attacker to execute code on a network server represents a critical threat to infrastructure security. With a CVSS score of 8.8, this vulnerability could lead to a complete compromise of the DHCP service, potentially facilitating man-in-the-middle attacks or further lateral movement within the network.

Remediation

Immediate Action: Update all affected Windows Server instances immediately using the security patches referenced in the Microsoft MSRC update guide.

Proactive Monitoring: Monitor network traffic for unusual DHCP handshake activity or unexpected crash reports associated with the DHCP service process.

Compensating Controls: Restrict network access to DHCP servers to trusted segments only and utilize host-based firewalls to minimize the attack surface.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Immediate patching is required for all Windows Server environments running the DHCP role. Administrators should treat this as a high-priority update to prevent potential remote code execution by unauthorized actors within the local network perimeter.