CVE-2023-36703 – This vulnerability in the DHCP Server Service a... (How to Fix)

Q: What is the severity of CVE-2023-36703?

CVE-2023-36703 has a CVSS score of 7.5 (HIGH). This vulnerability in the DHCP Server Service allows an attacker to send specially crafted packets that cause a denial of service, potentially crashing the service. It affects Windows Server systems running the DHCP Server role. The vulnerability requires network access to the DHCP server.

📋 TL;DR

This vulnerability in the DHCP Server Service allows an attacker to send specially crafted packets that cause a denial of service, potentially crashing the service. It affects Windows Server systems running the DHCP Server role. The vulnerability requires network access to the DHCP server.

💻 Affected Systems

Products:

Windows Server DHCP Server

Versions: Windows Server 2012 R2, 2016, 2019, 2022

Operating Systems: Windows Server

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with the DHCP Server role installed and running. Client versions of Windows are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete DHCP service outage, preventing new clients from obtaining IP addresses and disrupting network connectivity across the organization.

🟠

Likely Case

DHCP service becomes unresponsive, requiring manual restart and causing temporary network disruption for clients attempting to obtain or renew leases.

🟢

If Mitigated

Service automatically restarts or fails gracefully with minimal impact to existing client connections.

🌐 Internet-Facing: MEDIUM - DHCP servers should not be directly internet-facing, but misconfigured or exposed servers could be targeted.

🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could exploit this to disrupt network operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to the DHCP server port (UDP 67/68). No authentication is required to send DHCP packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2023 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703

Restart Required: Yes

Instructions:

1. Apply the October 2023 security updates from Windows Update. 2. Restart the server to complete installation. 3. Verify the DHCP service is running properly after restart.

🔧 Temporary Workarounds

Restrict DHCP Server Access

windows

Use firewall rules to limit which network segments can communicate with the DHCP server.

New-NetFirewallRule -DisplayName "Restrict DHCP" -Direction Inbound -LocalPort 67,68 -Protocol UDP -RemoteAddress 192.168.1.0/24 -Action Allow

Implement DHCP Relay Protection

all

Configure network devices to filter or rate-limit DHCP traffic to the server.

🧯 If You Can't Patch

Implement strict network segmentation to isolate DHCP servers from untrusted networks
Deploy redundant DHCP servers with failover configuration to maintain service during attacks

🔍 How to Verify

Check if Vulnerable:

Check if the DHCP Server role is installed and if the October 2023 security updates are not applied.

Check Version:

Get-WindowsFeature -Name DHCP | Select-Object Installed, Version

Verify Fix Applied:

Verify that the October 2023 security updates are installed and the DHCP service is running version 10.0.xxxxx.xxxx or later.

📡 Detection & Monitoring

Log Indicators:

DHCP service crash events in Event Viewer (Event ID 1000, 1001)
Multiple DHCPNAK responses to valid requests
Service termination without normal shutdown

Network Indicators:

Unusual volume of malformed DHCP packets to UDP port 67
DHCPDISCOVER packets with abnormal options or lengths

SIEM Query:

EventID=1000 OR EventID=1001 AND SourceName="DhcpServer" AND Keywords="0x80000000000000"

📊 Metadata

CVE ID: CVE-2023-36703

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: October 10, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-36703, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict DHCP Server Access

Implement DHCP Relay Protection

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities