DHCP Archives

Winsage

June 27, 2025

How to configure multiple DHCP scopes on one Windows server

Administrators use the Dynamic Host Configuration Protocol (DHCP) service to manage IP address configurations for clients efficiently. Deploying multiple DHCP scopes on a single server is more practical than having separate servers for each subnet. DHCP operates through a four-step lease process: discover, offer, request, and acknowledge. To install a DHCP server, the PowerShell cmdlet Install-WindowsFeature DHCP -IncludeManagementTools is used, and the server must be authorized in Active Directory. A single DHCP server can manage multiple scopes, each with specific configurations for different subnets, such as DevNet, ProdNet, SalesNet, and EngineersNet. Each scope can have unique IP address ranges and settings, and additional scopes can be created by adding network interface cards (NICs) to the server. Server options apply globally, while scope options are specific to individual scopes. Reserved IP addresses can also be configured within each scope.

Winsage

June 18, 2025

Microsoft broke DHCP for Windows Server last Patch Tuesday

Microsoft has acknowledged that the updates released on June 10 during Patch Tuesday may disrupt the Dynamic Host Configuration Protocol (DHCP) service on Windows Server versions 2025, 2022, 2019, and 2016. The DHCP Server service might intermittently stop responding after installing this security update, causing issues for network administrators as clients may be unable to renew their IP addresses. There is currently no viable workaround for affected users other than rolling back the patch, which is not ideal due to the critical security fixes included in the update. The impact of this issue varies among users, with some experiencing significant problems while others report no disruptions. Microsoft is working on a resolution and will provide further information soon. Additionally, Microsoft has faced challenges with its Surface Hub v1 devices, requiring an out-of-band update.

Winsage

June 16, 2025

Windows Server update may disrupt IP refreshes

Microsoft has acknowledged that the June security update has caused complications for users of Windows Server systems, specifically affecting the Dynamic Host Configuration Protocol (DHCP) service, which is failing and leading to improper functioning of IP refreshes. The issue impacts multiple versions of Windows Server, including 2016 (KB5061010), 2019 (KB5060531), 2022 (KB5060526), and 2025 (KB5060842). Users have reported that the DHCP service may stop responding after installing the update, with one administrator noting their 2016 server crashed shortly after the update was applied. Microsoft is working on a solution and advises affected users to uninstall the update to restore functionality. The company has a history of DHCP-related issues dating back over a decade and has faced other problems with Windows Server updates in the past year, including issues with keyboard and mouse inputs and authentication challenges.

Winsage

June 16, 2025

Microsoft: June Windows Server security updates cause DHCP issues

Microsoft has identified an issue with the June 2025 security updates that causes the Dynamic Host Configuration Protocol (DHCP) service to freeze on certain Windows Server systems. This affects the service's ability to apply renewals of unicast IP addresses, impacting network operations. Microsoft has acknowledged that the DHCP Server service may intermittently stop responding after the update and is working on a resolution. Additionally, other issues affecting Windows Server systems have been addressed, including application failures and authentication problems on domain controllers. Out-of-band updates were previously issued to fix bugs causing Hyper-V virtual machines to restart or freeze, and emergency updates were released for issues with Windows containers on certain Windows Server versions.

Winsage

June 11, 2025

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

On June 2025 Patch Tuesday, Microsoft released security updates for 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day vulnerability. The updates addressed ten "Critical" vulnerabilities, with eight being remote code execution vulnerabilities and two related to elevation of privileges. The breakdown of vulnerabilities includes 13 Elevation of Privilege, 3 Security Feature Bypass, 25 Remote Code Execution, 17 Information Disclosure, 6 Denial of Service, and 2 Spoofing vulnerabilities. The actively exploited zero-day vulnerability is CVE-2025-33053, a WebDAV Remote Code Execution vulnerability, while the publicly disclosed zero-day is CVE-2025-33073, a Windows SMB Client Elevation of Privilege vulnerability. Other companies also released updates in June 2025, including Adobe, Cisco, Fortinet, Google, HPE, Ivanti, Qualcomm, Roundcube, and SAP, addressing various vulnerabilities across their products.

Winsage

April 26, 2025

Windows 11 KB5055627 update released with 30 new changes, fixes

Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2, which introduces new features and bug fixes. This update is part of optional non-security preview updates and does not include security updates. Users can install it via Settings under Windows Update or download it directly from the Microsoft Update Catalog. The update elevates Windows 11 24H2 systems to build 26100.3915 and includes features such as Recall (preview), Click to Do (preview), improved Windows Search, Narrator enhancements, Phone Link, interactive Widgets, curated views in File Explorer, updated Settings for app recommendations, and Windows Studio Effects. It also addresses bugs related to blue screen errors, DHCP Client connectivity issues, Windows Hello functionality, and provides estimated offline times for updates. Notable issues include potential installation blocks for Citrix components and download issues for Roblox players on Windows Arm devices, with workarounds available.

Winsage

February 23, 2025

The Windows Concept Journey — ICS (Internet Connection Sharing)

Internet Connection Sharing (ICS) is a feature in Windows that allows a device with internet access to share its connection with other devices on a local area network (LAN). To enable or disable ICS, users can go to the Control Panel, access "Network Connections," right-click on the LAN or Wi-Fi device, select "Properties," click on the "Sharing" tab, and toggle the checkbox for "Allow other network users to connect through this computer’s Internet connection." ICS can also be configured using PowerShell or the netsh.exe command. It provides services such as DHCP and NAT and can share various connection types, including dial-up, PPPoE, and VPN. ICS has been integrated with UPnP since Windows XP for remote discovery and control. The settings for ICS are stored in the Windows registry at "HKLMSOFTWAREPoliciesMicrosoftWindowsNetwork Connections."

Winsage

February 12, 2025

Microsoft takes it easy on February’s Patch Tuesday

Microsoft released a total of 63 patches in February, including six previously released ones. Two vulnerabilities, CVE-2025-21418 (CVSS 7.8) and CVE-2025-21391 (CVSS 7.1), are actively exploited and require local access and authentication for exploitation. CVE-2025-21418 affects the Windows Ancillary Function Driver for Winsock, allowing attackers to gain SYSTEM-level privileges on Windows 10, 11, and various Windows Server versions. CVE-2025-21391 affects Windows Storage, enabling local attackers to delete files under certain conditions. Two publicly known vulnerabilities, CVE-2025-21194 (CVSS 7.1) and CVE-2025-21377 (CVSS 6.5), have not yet been exploited. CVE-2025-21194 exposes PCs to potential hypervisor and secure kernel compromises, while CVE-2025-21377 risks leaking a user's NTLMv2 hash with minimal user interaction. CVE-2025-21198, rated at CVSS 9.0, allows remote code execution in high-performance computing infrastructures, requiring network access to a targeted HPC cluster. Excel users should address five patches rated at 7.8, particularly CVE-2025-21381, which has potential for remote code execution through local attack vectors. As of February 11, administrators must configure the StrongCertificateBindingEnforcement registry key on domain controllers to avoid transitioning to Full Enforcement mode by February 2025. CVE-2025-21177 (CVSS 8.7) has been fully mitigated by Microsoft. Adobe released 45 updates, with 31 addressing vulnerabilities in Adobe Commerce, and critical patches for InDesign and Illustrator. SAP issued 21 patches affecting NetWeaver and addressing cross-site scripting issues. Fortinet released security updates for various products, including a critical authentication bypass vulnerability in FortiOS and FortiProxy (CVSS 9.6).

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild

Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update: 1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights. 2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion. 3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation. Critical vulnerabilities include: - CVE-2025-21376: Windows LDAP RCE vulnerability. - CVE-2025-21379: RCE vulnerability in DHCP Client Service. - CVE-2025-21381: RCE vulnerability in Microsoft Excel. The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.