Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

Plan PatchCVSS 9.1CVE-2026-45602Jun 9, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Windows DHCP Server allows an unauthorized attacker on the network to tamper with DHCP responses. An attacker could intercept and modify DHCP traffic to redirect devices to malicious servers or disrupt network connectivity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025 across 32-bit, x64, and ARM64 architectures.

What this means

What could happen

An attacker on your network could tamper with DHCP responses, potentially redirecting devices to malicious servers or disrupting network connectivity across your infrastructure.

Who's at risk

Organizations operating Windows environments should prioritize this issue. Affected equipment includes Windows 10 and 11 workstations (all versions), Windows Server 2016/2019/2022/2025, and any systems relying on DHCP for network configuration. This affects IT infrastructure, domain controllers, and client workstations across all sectors.

How it could be exploited

An attacker with network access to your DHCP traffic could intercept and modify DHCP responses in transit, causing Windows clients and servers to receive incorrect network configuration such as gateway, DNS, or NTP server addresses. This could redirect traffic to attacker-controlled infrastructure or cause connectivity failures.

Prerequisites

Network access to DHCP traffic or ability to respond to DHCP requests on your network
Target devices running affected Windows versions

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.1)

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (26)

26 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8880

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8880

Windows Server 2019All versionsBuild 10.0.17763.8880

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8880

Windows Server 2022All versionsBuild 10.0.20348.5256

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Windows Server 2016

HOTFIXApply the 2026-Jun Windows security update to all affected Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 systems

All products

HOTFIXPrioritize patching Windows DHCP servers and domain controllers first, then client systems

Long-term hardening

0/2

HARDENINGSegment DHCP traffic on your network to prevent untrusted devices from sending DHCP responses

HARDENINGConsider implementing DHCP snooping on network switches to prevent unauthorized DHCP servers

CVEs (1)

CVE-2026-45602

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6c34eb62-6a91-43e7-b1e1-505b575df720

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.