CVE-2025-21179

4.8 MEDIUM

📋 TL;DR

This vulnerability in the DHCP Client Service allows an attacker to cause a denial of service by sending specially crafted DHCP packets. Systems running affected Windows versions with DHCP enabled are vulnerable. The vulnerability could cause the DHCP client service to crash, potentially disrupting network connectivity.

💻 Affected Systems

Products:
  • Microsoft Windows DHCP Client
Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Systems must have DHCP enabled and be configured to obtain an IP address automatically

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete loss of network connectivity on affected systems requiring manual intervention to restore service

🟠 Likely Case: Temporary network disruption until DHCP client service automatically restarts or system is rebooted

🟢 If Mitigated: Minimal impact with service restarting automatically or network redundancy in place

🌐 Internet-Facing: LOW - DHCP typically operates on internal networks, not directly internet-facing
🏢 Internal Only: MEDIUM - Internal attackers could disrupt network connectivity for targeted systems

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to send DHCP packets to vulnerable systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Included in the March 2025 monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21179

Restart Required: Yes

Instructions:

1. Apply March 2025 Windows security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or Microsoft Endpoint Configuration Manager.
3. Restart affected systems to complete installation.

🔧 Temporary Workarounds

Disable DHCP Client Service (Windows)

Configure systems with static IP addresses instead of DHCP

sc.exe config dhcp start= disabled
sc.exe stop dhcp

Network Segmentation (all platforms)

Restrict DHCP traffic to trusted network segments only

🧯 If You Can't Patch

  • Implement network ACLs to restrict DHCP traffic to authorized DHCP servers only
  • Monitor for unusual DHCP traffic patterns and implement IDS/IPS rules to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running an affected Windows version without the March 2025 security updates installed

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that the March 2025 security updates are installed via Windows Update history or the systeminfo command

📡 Detection & Monitoring

Log Indicators:

  • Event ID 1000 in Application logs for dhcpcore.dll crashes
  • Unexpected DHCP client service restarts

Network Indicators:

  • Unusual DHCP traffic from non-DHCP server sources
  • DHCP packets with malformed options

SIEM Query:

EventID=1000 AND SourceName="Application Error" AND ProcessName="svchost.exe" AND ModuleName="dhcpcore.dll"
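
The log indicators above, turned into a local hunt as an added example (not part of the original advisory or of Microsoft's guidance). It assumes English event text and that an unexpected DHCP Client stop is recorded by Service Control Manager as event 7031 or 7034; `$Days` and `Get-EventsOrEmpty` are hypothetical names.

```powershell
# Added example: search local event logs for the DHCP client crash indicators.
# Assumptions: English-language event messages; crashes appear as
# "Application Error" event 1000 naming dhcpcore.dll; unexpected service stops
# appear as Service Control Manager events 7031/7034 for "DHCP Client".
param(
    [int]$Days = 7   # look-back window in days (hypothetical default)
)

$since = (Get-Date).AddDays(-$Days)

function Get-EventsOrEmpty {
    param([hashtable]$Filter)
    # Get-WinEvent raises an error when no event matches; treat only that
    # case as "nothing found" and let access or log errors surface.
    try {
        Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop
    } catch {
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

# Indicator 1: application crash records that name dhcpcore.dll.
$crashes = Get-EventsOrEmpty @{
    LogName = 'Application'; ProviderName = 'Application Error'
    Id = 1000; StartTime = $since
} | Where-Object { $_.Message -match 'dhcpcore\.dll' }

# Indicator 2: the DHCP Client service terminating unexpectedly.
$restarts = Get-EventsOrEmpty @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7031, 7034; StartTime = $since
} | Where-Object { $_.Message -match 'DHCP Client' }

# Merge both indicators into one timeline, first message line only.
$hits = @($crashes) + @($restarts) | Sort-Object TimeCreated
$hits | Select-Object TimeCreated, Id, ProviderName,
    @{ Name = 'Summary'; Expression = { ($_.Message -split '\r?\n')[0] } } |
    Format-Table -AutoSize -Wrap

"{0} crash event(s), {1} unexpected service stop(s) in the last {2} day(s)" -f
    @($crashes).Count, @($restarts).Count, $Days

# Current state of the service, for context when reading the timeline.
Get-Service -Name Dhcp | Select-Object Name, Status, StartType
```

Repeated hits clustered in time on several hosts of the same segment are worth correlating with the network indicators listed above.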
