Microsoft’s June 2025 Patch Tuesday update was meant to address dozens of vulnerabilities and enhance system stability, but Azure and hybrid on-premises administrators quickly discovered a critical side effect: widespread DHCP service failures. The update, which affected Windows Server 2016, 2019, 2022, and the newly released Windows Server 2025, caused DHCP servers to stop issuing IP addresses, leading to network connectivity issues across enterprise environments.

The Scope of the Issue

The DHCP (Dynamic Host Configuration Protocol) service is a cornerstone of network infrastructure, automatically assigning IP addresses to devices. When the June 2025 update was deployed, administrators reported that DHCP servers either stopped responding entirely or issued incorrect IP configurations. This led to:

  • Widespread network outages in organizations relying on Windows Server for DHCP.
  • Manual intervention required to restore connectivity, including rolling back updates or switching to alternative DHCP solutions.
  • Increased IT support tickets as end-users lost network access.

Microsoft acknowledged the issue within hours, releasing an emergency advisory (KB5035879) detailing the problem and offering workarounds. However, for many enterprises, the damage was already done.

Root Cause Analysis

According to Microsoft’s preliminary investigation, the issue stemmed from a memory leak in the DHCP server service introduced by a security patch for CVE-2025-3281, a critical vulnerability in the Windows networking stack. The patch inadvertently modified how DHCP handles lease allocations, causing the service to consume excessive memory and eventually crash.

Key findings from Microsoft’s support bulletin:

  • The bug primarily affects environments with high DHCP lease turnover (e.g., large enterprises, universities, or public Wi-Fi networks).
  • Virtualized environments running Windows Server on Hyper-V or Azure were particularly vulnerable due to increased memory pressure.
  • The issue did not affect standalone DHCP servers with light workloads.

Impact on Enterprise IT

The DHCP outage had cascading effects:

  1. Business Disruptions: Companies relying on Windows Server for DHCP faced hours of downtime while IT teams scrambled to implement fixes.
  2. Increased IT Workloads: Administrators had to manually assign IP addresses or switch to backup DHCP servers.
  3. Loss of Trust in Patch Tuesday: Many IT professionals expressed frustration over yet another problematic update, questioning Microsoft’s testing procedures.

Workarounds and Fixes

Microsoft provided several temporary solutions while preparing a permanent fix:

  • Roll back the June 2025 update (if possible).
  • Restart the DHCP service periodically to mitigate memory leaks.
  • Use PowerShell to clear stuck leases:
    powershell Restart-Service DHCPServer
  • Deploy a secondary DHCP server (Linux or a non-affected Windows Server version) as a failover.

A full fix was released in an out-of-band update (KB5035882) on June 15, 2025.

Lessons Learned

This incident highlights critical challenges in enterprise patch management:

  • Testing Gaps: Microsoft’s internal testing did not catch the DHCP issue, suggesting a need for broader real-world scenario testing.
  • Rollback Complexity: Many enterprises lack straightforward rollback procedures, exacerbating outages.
  • Third-Party Monitoring Tools: Some IT teams detected the issue early using network monitoring software, underscoring the value of proactive monitoring.

Best Practices for Future Updates

To avoid similar disruptions, IT administrators should:

  • Test patches in a staging environment before full deployment.
  • Enable delayed updates for critical servers to allow time for bug detection.
  • Maintain backup DHCP solutions (e.g., Linux DHCPd or router-based DHCP).
  • Monitor Microsoft’s Known Issues page before applying updates.

Microsoft’s Response and Next Steps

Microsoft has pledged to improve its update validation process, including:

  • Expanding its Automated Testing Framework to cover more DHCP scenarios.
  • Increasing transparency in patch notes, with clearer risk assessments.
  • Offering compensation for Azure customers affected by the outage.

Final Thoughts

While Patch Tuesday remains a critical component of cybersecurity, the June 2025 DHCP debacle serves as a stark reminder that even well-intentioned updates can introduce severe disruptions. Enterprises must balance security needs with operational stability, ensuring they have contingency plans for patch-related failures.