CVE-2024-26212: DHCP Server Service Denial of Service Vulnerability
Published: 2024-04-09
Priority: P3 53 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 62.58% (99.1th percentile)
Affected: 22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27067 | 6.1.7601.27067 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22618 | 6.0.6003.22618 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24821 | 6.2.9200.24821 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21924 | 6.3.9600.21924 |
| microsoft | windows_server_2016 | < 10.0.14393.6897 | 10.0.14393.6897 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6897 | 10.0.14393.6897 |
| microsoft | windows_server_2019 | < 10.0.17763.5696 | 10.0.17763.5696 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5696 | 10.0.17763.5696 |
| microsoft | windows_server_2022 | < 10.0.20348.2402 | 10.0.20348.2402 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2402 | 10.0.20348.2402 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.830 | 10.0.25398.830 |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
Detection & IOCs (extracted from sources)
- CVE-2024-26212 targets the Windows DHCP Server Service; monitor for anomalous or malformed DHCP traffic directed at Windows Server DHCP instances that could cause a denial of service condition.
- Microsoft rates exploitation as 'More Likely' for the latest software release despite no known public exploit or active exploitation at time of disclosure; prioritize patching and monitoring of DHCP Server Service on all affected Windows Server versions.
- Affected platforms span a wide range of Windows Server versions (2008 SP2 through 2022 23H2); ensure DHCP Server Service is patched or mitigated on all of these.
- No public proof-of-concept or active exploitation has been confirmed at time of disclosure; however, Microsoft assesses exploitation as 'More Likely' for the latest software release, warranting elevated vigilance.
- The vulnerability is limited to the Windows DHCP Server Service role; systems not running the DHCP Server role are not affected.
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc · 7.5 HIGH
Microsoft
DHCP Server Service Denial of Service Vulnerability
vendor_msrc·2024-04-09·CVSS 7.5
CVE-2024-26212 [HIGH] CWE-400 DHCP Server Service Denial of Service Vulnerability
Windows DHCP Server: Windows DHCP Server
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896
Reference: https://support.microsoft.com/help/5036896
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036909
Reference: https://support.microsoft.com/help/5036909
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036910
Reference: https://support.microsoft.com/help/5036910
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036899
Reference: https://support.
GHSA
GHSA-899x-gqmc-4hgm: DHCP Server Service Denial of Service Vulnerability
ghsa_unreviewed·2024-04-09
CVE-2024-26212 [HIGH] CWE-400 GHSA-899x-gqmc-4hgm: DHCP Server Service Denial of Service Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
blogs_qualys·2024-04-09
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches.
## Microsoft Patch Tuesday for Ap
Trendmicro
The April 2024 Security Updates Review
blogs_trendmicro·2024-04-09
# The April 2024 Security Updates Review
Get the April 2024 security update and review.
By: Dustin Childs
2024/04/09
It’s the second Tuesday of the month, and Adobe and Microsoft have released a fresh crop of security updates. Take a break from your other activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for April 2024
For April, Adobe released nine patches addressing 24 CVEs in Adobe After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Adobe Animate. The largest of these updates is for Experience Manager, however, all of the bugs being patched are simple Cross
Bleepingcomputer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
blogs_bleepingcomputer·2024-04-09·CVSS 8.1
[HIGH] Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
## Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
## Lawrence Abrams
There were also fixes for twenty-six Secure Boot bypasses released this month, including two from Lenovo.
The number of bugs in each vulnerability category is listed below:
31 Elevation of Privilege Vulnerabilities
29 Security Feature Bypass Vulnerabilities
67 Remote Code Execution Vulnerabilities
13 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
The total count of 150 flaws does not include 5 Microsoft Edge flaws fixed on April 4th and 2 Mariner flaws. Mariner is an open-source Linux distribution developed by Microsoft for its Microsoft Azure services.
To learn more about the non-security updates released today, you can review our ded
Qualys
Security Update Review: Microsoft & Adobe April 2024 Patch Tuesday | Qualys
blogs_qualys·2024-04-09
Zscaler
Zscaler found Windows Security Vulnerabilities | 04-09-2024
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Windows Security Vulnerabilities | 04-09-2024
Published: 2024-04-09