FragmentSmack vulnerability also affects Windows, but Microsoft patched it


Microsoft has fixed this week a vulnerability that can cause Windows systems to become unresponsive with 100% CPU utilization when bombarded with malformed IPv4 or IPv6 packets.

The vulnerability is already well known in the Linux community as FragmentSmack, part of a duo of DDoS-friendly vulnerabilities, together with SegmentSmack.

Both vulnerabilities allow an attacker to bombard a server with malformed packets to trigger excessive resource usage.

The SegmentSmack (CVE-2018-5390) vulnerability uses malformed TCP packets, while the FragmentSmack (CVE-2018-5391) vulnerability relies on IP packets.

Because of their consequences, both bugs were deemed ideal to integrate into DDoS botnets, and as a result, many Linux distros hurried to patch their systems.

The Linux Kernel team patched both issues in July and August –patches that flowed into the downstream Linux community– and US Computer Emergency Readiness Team (CERT) released an advisory in mid-August, warning cloud and hosting service providers to update systems as soon as possible.

At the time, in mailing lists carrying discussions about the two vulnerabilities, Juha-Matti Tilli of Nokia Labs and the Department of Communications and Networking at the Aalto University, the researcher who discovered both flaws, said the two bugs might also affect macOS and Windows.

This week, Microsoft confirmed that Windows was, indeed, vulnerable to FragmentSmack.

Fixes were deployed to all Windows supported versions, such as 7, 8.1, 10, and all the Windows Server variants, as part as security advisory ADV180022, released with the company’s monthly security updates train, known as Patch Tuesday.

Just like on Linux, FragmentSmack affects Windows systems in the same way, and drives CPU usage to 100%, blocking activity on the attacked system until the attacker stops sending malformed IP packets.

While desktop users will rarely see a FragmentSmack attack, admins of Windows-based servers should apply the latest fixes at their earliest convenience.

The ADV180022 advisory also includes some mitigations that will stop FragmentSmack attacks from jamming a server, in case patches can’t be applied right away.

Microsoft says its Azure infrastructure has already been reinforced against this threat. The OS maker did not provide any additional details about FragmentStack’s twin vulnerability –SegmentSmack– but if we are to believe Tilli, that flaw might work against Windows systems as well.