Be Careful of Your UDP Service: Preauth DoS on Windows Deployment Service

&gt; The core issue is that `EndpointSessionMapEntry` imposes no limit on the number of sessions. Consequently, an attacker can forge fake client IP addresses and port numbers , repeatedly creating new sessions until system resources are exhausted.<p>Aren&#x27;t you just able to flood any DHCP server instead? PXE deployment already hinges on DHCP provision &gt; PXE broadcast &gt; download image &gt; launch, you might as well just exhaust the DHCP server&#x27;s pool by using all ephemeral addresses or spoofing MAC addresses endlessly.<p>Additionally, WDS is active only in-LAN and usually only on areas like employee office networks (i.e.: not listening on the servers&#x27; subnet, for example, unlike AD services). You&#x27;d need lateral movement to an &quot;office LAN&quot; to reach said WDS server.

How is this different than any other run-of-the-mill DOS attack you can do when you&#x27;re on a LAN? Even if this vulnerability doesn&#x27;t exist, there&#x27;s all sorts of shenanigans you can pull, like mulitcast flooding, or ARP spoofing.

Note the link may prompt Google Account re-auth, strangely it did on my work browser. Opening in incognito side-steps this.