FragmentSmack vulnerability also affects Windows, but Microsoft patched it

FragmentStack can drive CPU usage up through the roof, jamming servers bombarded with malformed IP packets. Just the ideal vulnerability for DDoS attacks on Windows servers.
Written by Catalin Cimpanu, Contributor

Microsoft has fixed this week a vulnerability that can cause Windows systems to become unresponsive with 100% CPU utilization when bombarded with malformed IPv4 or IPv6 packets.

The vulnerability is already well known in the Linux community as FragmentSmack, part of a duo of DDoS-friendly vulnerabilities, together with SegmentSmack.

Also: Best Home Security Devices for 2018 CNET

Both vulnerabilities allow an attacker to bombard a server with malformed packets to trigger excessive resource usage.

The SegmentSmack (CVE-2018-5390) vulnerability uses malformed TCP packets, while the FragmentSmack (CVE-2018-5391) vulnerability relies on IP packets.


Also: Security flaw can leak Intel ME encryption keys

Because of their consequences, both bugs were deemed ideal to integrate into DDoS botnets, and as a result, many Linux distros hurried to patch their systems.

The Linux Kernel team patched both issues in July and August --patches that flowed into the downstream Linux community-- and US Computer Emergency Readiness Team (CERT) released an advisory in mid-August, warning cloud and hosting service providers to update systems as soon as possible.

At the time, in mailing lists carrying discussions about the two vulnerabilities, Juha-Matti Tilli of Nokia Labs and the Department of Communications and Networking at the Aalto University, the researcher who discovered both flaws, said the two bugs might also affect macOS and Windows.

Also: Google fixes Chrome issue that allowed theft of WiFi logins

This week, Microsoft confirmed that Windows was, indeed, vulnerable to FragmentSmack.

Fixes were deployed to all Windows supported versions, such as 7, 8.1, 10, and all the Windows Server variants, as part as security advisory ADV180022, released with the company's monthly security updates train, known as Patch Tuesday.

Just like on Linux, FragmentSmack affects Windows systems in the same way, and drives CPU usage to 100%, blocking activity on the attacked system until the attacker stops sending malformed IP packets.

Also: 7 tips for SMBs to improve data security TechRepublic

While desktop users will rarely see a FragmentSmack attack, admins of Windows-based servers should apply the latest fixes at their earliest convenience.

The ADV180022 advisory also includes some mitigations that will stop FragmentSmack attacks from jamming a server, in case patches can't be applied right away.

Microsoft says its Azure infrastructure has already been reinforced against this threat. The OS maker did not provide any additional details about FragmentStack's twin vulnerability --SegmentSmack-- but if we are to believe Tilli, that flaw might work against Windows systems as well.

h/t Ruben Dodge

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

Editorial standards