External risk intelligence

Windows DHCP Server Network Tampering Vulnerability.

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-45602

A network tampering vulnerability in Windows DHCP Server could allow an unauthorized attacker to modify data without authentication. This could impact network stability and traffic redirection, necessitating confirmation of its presence and exposure within the environment.

2Halo Surface Signal

Microsoft Windows 10 1607

before 10.0.14393.9234before 10.0.17763.8880before 10.0.19044.7417before 10.0.19045.7417before 10.0.22631.7219before 10.0.26100.8655before 10.0.26200.8655before 10.0.28000.2269r2b...

External exposure likelihood

Halo Surface Signal score for CVE-2026-45602

The vulnerability affects a DHCP server, which is a protocol typically restricted to internal network segments or local broadcast domains to manage IP assignments. While network-reachable in internal environments, it is not designed for or commonly exposed directly to the public internet in standard deployment patterns.

PCI scan relevance

PCI Relevance for CVE-2026-45602

Yes

CVE-2026-45602 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows an unauthorized attacker to tamper with data over a network, which could lead to a PCI ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Windows DHCP Server, allowing unauthorized network access for data tampering. This issue presents a significant risk due to its potential for widespread impact without requiring any prior access or privileges. The primary concern is to confirm if our environment utilizes this specific technology and is exposed.

Unauthenticated network attackers can tamper with data.
Critical systems need validation for potential exposure.
Confirm relevance; address if impacted.

Attack Path

How an attacker could exploit the issue

An attacker on the network could potentially target a Windows DHCP server. By sending specially crafted network packets, they might be able to tamper with the server's operations. This vulnerability could lead to a significant compromise of data integrity and confidentiality on the affected system.

Attacker must be on the network.
Trigger is sending crafted network packets.
Risk is data tampering and exposure.

Live Threat

Current exploitation, exposure, and threat context

Windows DHCP Server tampering could allow an unauthorized attacker to modify network configurations when supported by the advisory. This could impact network stability and potentially redirect traffic.

Network configuration data at risk.
Tampering may occur over a network.
Disrupts network operations.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Windows DHCP Server impacts infrastructure and network teams responsible for network services. The first practical step is to identify all DHCP server instances, confirm their network reachability and criticality, and then engage the system owners to plan remediation.

Infrastructure and Network Teams
Verify DHCP server reachability and criticality.
Plan and execute remediation based on risk.

Frequently asked questions

What is Windows DHCP Server?

Windows DHCP Server is a core network service that automatically assigns IP addresses and configuration parameters to devices on a network. By managing these assignments, it ensures that computers, printers, and other hardware can communicate correctly without manual setup. It acts as the central coordinator for network connectivity within an environment.

What does CVE-2026-45602 mean for data integrity?

This vulnerability represents a weakness that allows an unauthorized attacker to modify or tamper with information processed by the DHCP service. Because it affects how the server handles network communication, an attacker could potentially alter critical configuration data, impacting the reliability and accuracy of the network's address management.

How can an attacker trigger this vulnerability?

An attacker triggers this bug by sending specially crafted network packets to the DHCP server. Crucially, this process does not require the attacker to have prior authentication or existing system privileges. Simply being able to reach the server over the network is the primary requirement for initiating these malicious packets.

Is my network at risk from this vulnerability?

According to Halo Surface Signal, this vulnerability is considered unlikely to be exposed to the public internet because DHCP is typically restricted to internal segments or local broadcast domains. While internal network segments remain relevant, systems that are not directly reachable from the outside are generally not exposed to internet-based attacks in standard configurations.

What should I do if I manage Windows DHCP servers?

Begin by creating an inventory of all active DHCP server instances in your environment to understand your footprint. Once identified, evaluate the network reachability of these servers to determine which are most accessible. Finally, coordinate with your system administration and infrastructure teams to prioritize and plan the necessary software updates.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.