CVE-2024-30070

7.5 HIGH

📋 TL;DR

This vulnerability in the DHCP Server service allows an attacker to send specially crafted packets that cause a denial of service (DoS) condition. The service crashes, preventing DHCP assignment to clients. This affects Windows Server systems running the DHCP Server role.

💻 Affected Systems

Products:
  • Windows Server
Versions: Windows Server 2019, 2022, and later versions with DHCP Server role installed
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the DHCP Server role installed and running. Client systems are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete DHCP service outage across the network, preventing new clients from obtaining IP addresses and disrupting network connectivity for all DHCP-dependent devices.

🟠 Likely Case

DHCP service crashes, requiring manual restart and causing temporary network disruption until service is restored.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring; service automatically restarts or fails over to redundant DHCP servers.

🌐 Internet-Facing: LOW (DHCP servers should not be directly internet-facing; exploitation requires network access to DHCP service)
🏢 Internal Only: HIGH (Internal attackers or compromised internal systems can exploit this to disrupt network operations)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the DHCP service port (UDP 67/68). No authentication is needed to send DHCP packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2024 security updates (KB5037765 for Server 2022, KB5037763 for Server 2019)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30070

Restart Required: Yes

Instructions:

1. Apply May 2024 Windows Server security updates via Windows Update.
2. Restart the server to complete installation.
3. Verify DHCP service is running normally after restart.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to DHCP servers to only trusted subnets and required clients

DHCP Failover Configuration (Windows)

Configure DHCP failover to maintain service if primary server is compromised

🧯 If You Can't Patch

  • Implement strict network ACLs to limit access to DHCP servers (UDP ports 67/68)
  • Monitor DHCP service health and implement automated restart scripts for service crashes

🔍 How to Verify

Check if Vulnerable:

Check if DHCP Server role is installed and running on Windows Server 2019/2022 without May 2024 security updates

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify May 2024 security updates are installed and DHCP service remains stable when receiving test DHCP requests
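
The checks under "How to Verify", collected into one script as an added example (not taken from the vendor advisory or from this page's source). The KB numbers and event IDs are the ones listed on this page; the 7-day look-back window and the output field names are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the Windows Server being checked.
$FixKBs = 'KB5037765', 'KB5037763'   # Server 2022 / Server 2019, as given on this page
$Days   = 7                           # assumed look-back window for crash events

$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$role    = Get-WindowsFeature -Name DHCP
$service = Get-Service -Name DHCPServer -ErrorAction SilentlyContinue

# Hotfixes currently registered on the host that match the KBs named on this page.
$fixes = Get-HotFix | Where-Object { $FixKBs -contains $_.HotFixID }

# Service Control Manager events 7031/7034 record unexpected service termination.
# The first event property is the display name of the service that terminated.
$crashes = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue |
    Where-Object { $service -and $_.Properties[0].Value -eq $service.DisplayName }

[pscustomobject]@{
    OS                = "$($os.Caption) (build $($os.BuildNumber))"
    DhcpRoleInstalled = [bool]$role.Installed
    DhcpServiceStatus = if ($service) { $service.Status } else { 'NotPresent' }
    FixKBsFound       = ($fixes.HotFixID -join ', ')
    RecentCrashEvents = @($crashes).Count
    # True means the role is present and neither listed KB was found. A later
    # cumulative update also carries the fix, so treat True as "confirm the
    # patch level by hand", not as proof that the server is vulnerable.
    NeedsReview       = [bool]$role.Installed -and -not $fixes
}
```

A server that reports `DhcpRoleInstalled = False` is outside the scope described in the Notes above, whatever its patch level.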

📡 Detection & Monitoring

Log Indicators:

  • DHCP service crash events in Windows Event Log (Event ID 7031, 7034)
  • Unexpected DHCP service restarts

Network Indicators:

  • Unusual DHCP packet patterns from single source
  • DHCP DISCOVER/OFFER/REQUEST packets with malformed options

SIEM Query:

(EventID=7031 OR EventID=7034) AND ServiceName="DHCPServer"
