CVE-2026-48564 - DHCP Server Service Remote Code Execution Vulnerability - is a heap-based buffer overflow in the DHCP Server service that can lead to remote code execution. Microsoft rates it CVSS v3.1 base 8.8 (High) with a temporal score of 7.7; the vector is NETWORK, LOW attack complexity, LOW privileges required, and NO user interaction, with HIGH confidentiality, integrity, and availability impacts. Microsoft says exploitation is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. The FAQ states an authenticated attacker could use a specially crafted RPC call to the DHCP service. For enterprise environments, this is a high-risk server-side network service issue, especially on exposed or widely reachable DHCP servers. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; network vector, LOW attack complexity, LOW privileges required, and NO user interaction, but authenticated access is required per Microsoft’s FAQ. - Severity for enterprise: High severity in enterprise settings because it affects a network-exposed Windows service and can lead to full code execution on affected DHCP servers; the need for authenticated access lowers exposure compared with unauthenticated remote attacks. - Patch status: available Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025