CVE-2023-35643: 
vulnerability analysis and mitigation

The DHCP Server Service Information Disclosure Vulnerability (CVE-2023-35643) was discovered and disclosed in December 2023. This vulnerability affects multiple Microsoft Windows Server versions, including Windows Server 2012, 2012 R2, 2016, 2019, and 2022. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (NVD, Microsoft).

The vulnerability is classified as a Buffer Over-read (CWE-126) issue in the DHCP Server Service. It has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and potentially leads to high confidentiality impact (NVD).

The vulnerability could allow unauthorized information disclosure from the affected DHCP Server Service. The attack has a high confidentiality impact but does not affect system integrity or availability (Hacker News).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5033429 (Windows Server 2012), KB5033420 (Windows Server 2012 R2), KB5033373 (Windows Server 2016), KB5033371 (Windows Server 2019), and KB5033118/KB5033383 (Windows Server 2022) (Rapid7).