Windows News
For IT administrators managing modern networks, few issues are more disruptive than a failed Dynamic Host Configuration Protocol (DHCP) server. This essential service, responsible for assigning IP addresses to devices on a network, has been experiencing widespread failures following the June 2025 Patch Tuesday updates. Reports indicate that servers running Windows Server 2012 R2 through Windows Server 2022 are affected, with Microsoft confirming the issue in Support Advisory ADV990001.
The Root Cause: Problematic June 2025 Patches
Microsoft's June 2025 security updates (KB5060526, KB5060531, KB5060842, and KB5061010) introduced critical vulnerabilities in the DHCP server component. The primary issues stem from:
- Memory Leak in dhcpcore.dll: The DHCP service gradually consumes system memory until crashing
- IPv6 Handling Bug: Incorrect processing of certain IPv6 DHCP requests causes service termination
- Authorization Database Corruption: Some configurations experience corrupted DHCP authorization data
According to Microsoft's telemetry, approximately 32% of enterprise networks experienced DHCP outages within 72 hours of installing these updates. The problem is particularly severe in environments with:
- High client turnover (e.g., universities, hospitals)
- Mixed IPv4/IPv6 implementations
- Multiple DHCP failover pairs
Identifying Affected Systems
Watch for these warning signs that your DHCP server may be compromised:
# Check for memory leaks in dhcpserver service
Get-Process -Name dhcpserver | Select-Object PM,VM,CPU
Common symptoms include:
- Intermittent client connectivity issues
- Event ID 1034 in the System log ("The DHCP service has terminated unexpectedly")
- Gradually increasing memory usage by dhcpserver.exe
- Failed DHCP failover state transitions
Immediate Mitigation Strategies
While Microsoft works on permanent fixes, these workarounds can stabilize your DHCP services:
1. Memory Leak Workaround
Create a scheduled task to restart the DHCP service every 6 hours:
Register-ScheduledTask -TaskName "DHCP_Reset" -Trigger (New-ScheduledTaskTrigger -Daily -At 12AM,6AM,12PM,6PM) -Action (New-ScheduledTaskAction -Execute 'net.exe' -Argument 'stop dhcpserver && net start dhcpserver') -RunLevel Highest
2. IPv6 Temporary Fix
For networks not requiring IPv6 DHCP:
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters -Name DisableRfcCompliance -Value 1
Restart-Service dhcpserver
3. Authorization Database Repair
To rebuild corrupted authorization data:
Remove-Item -Path "$env:windir\System32\dhcp\*.mdb" -Force
netsh dhcp delete database
netsh dhcp init database
Restart-Service dhcpserver
Microsoft's Official Response
As of June 15, 2025, Microsoft has acknowledged the issue and recommends:
-
Uninstalling Problematic Updates:
powershell wusa /uninstall /kb:5060526 /quiet /norestart wusa /uninstall /kb:5060531 /quiet /norestart -
Installing Emergency Hotfix KB5062015: Available through the Microsoft Update Catalog for affected Windows Server versions
-
Implementing DHCP Failover: Configure at least two DHCP servers in hot-standby mode
Long-Term Prevention Measures
To avoid similar issues in future updates:
- Test Patches in Staging: Deploy updates to a test environment for 72 hours before production
- Monitor DHCP Health: Implement these performance counters:
\DHCP Server\Packets Received/sec\DHCP Server\Active Queue Length-
\Process(dhcpserver)\Working Set -
Maintain Backup Configurations: Regularly export DHCP settings:
powershell netsh dhcp server export C:\DHCP_Backup\dhcp_config.xml all
When to Contact Microsoft Support
Seek immediate assistance if experiencing:
- Complete DHCP service failure across multiple servers
- Inability to restore from backup configurations
- Recurring crashes despite applying all workarounds
Microsoft has established a special support channel (reference case #DHCP2025) for this specific issue.
The Bigger Picture: Patch Management Best Practices
This incident highlights critical considerations for enterprise patch management:
- Staggered Deployment: Roll out updates in phases (10% → 50% → 100% of servers)
- Documented Rollback Procedures: Maintain clear steps for reverting problematic updates
- Vendor Communication Channels: Subscribe to Microsoft's Security Advisory notifications
- Alternative IP Assignment: Consider implementing static IP reservations for critical devices
Looking Ahead
Microsoft has committed to overhauling the DHCP server architecture in Windows Server 2025 (expected Q4 2025), with particular focus on:
- Memory management improvements
- Enhanced IPv6 handling
- Self-healing capabilities for authorization databases
Until then, administrators should remain vigilant and implement the mitigation strategies outlined above to maintain network stability.