FragmentSmack Vulnerability Discovered in Windows

The vulnerability affects all versions of Windows 7 through 10, Server 2008, 2012, 2016, and Core Installations that don't have the latest security updates 
18 September 2018

Microsoft has released a security advisory for the vulnerability known as FragmentSmack, tracked as CVE-2018-5391. The flaw enables a denial-of-service attack: an attacker can drive the CPU to full load, at which point the OS stops responding to external input. All versions of the operating system from Windows 7 onward that lack the latest security updates are affected.

To carry out the attack, an attacker sends the victim's computer a stream of eight-byte IP fragments with random fragment offsets and never sends the last fragment. When the system tries to reassemble the fragments into a single packet, it hits the worst case of the algorithm that processes the associated array. As a result, CPU load reaches 100%. System performance is restored as soon as the traffic stops.
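A defender's view of the traffic pattern described above, as an added example that is not taken from Microsoft's advisory: it groups fragment records by source and IP ID and flags sources that send many tiny, out-of-order fragments whose final fragment never arrives. The `Frag` record, the thresholds and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Frag:
    src: str      # source IP address
    ip_id: int    # IP Identification field: groups fragments of one datagram
    offset: int   # fragment offset, in bytes
    length: int   # payload bytes carried by this fragment
    more: bool    # More Fragments (MF) flag; False marks the last fragment

def suspicious_sources(frags, min_tiny=50, tiny_len=8):
    """Map each flagged source to its count of tiny fragments that belong to
    datagrams with out-of-order offsets and no final fragment observed."""
    datagrams = defaultdict(list)
    for f in frags:
        datagrams[(f.src, f.ip_id)].append(f)

    tiny_per_src = defaultdict(int)
    for (src, _ip_id), group in datagrams.items():
        if any(not f.more for f in group):
            continue                      # last fragment arrived: reassembly can finish
        offsets = [f.offset for f in group]
        if offsets == sorted(offsets):
            continue                      # in-order arrival: normal in-flight datagram
        tiny_per_src[src] += sum(1 for f in group if f.length <= tiny_len)
    return {src: n for src, n in tiny_per_src.items() if n >= min_tiny}

def build_sample():
    """Constructed records (not a real capture); addresses are documentation ranges."""
    sample = [
        # Benign: 4000 bytes of payload split at a 1500-byte MTU, last fragment present.
        Frag("192.0.2.10", 1, 0, 1480, True),
        Frag("192.0.2.10", 1, 1480, 1480, True),
        Frag("192.0.2.10", 1, 2960, 1040, False),
        # Benign: datagram still in flight, fragments large and in order.
        Frag("192.0.2.11", 9, 0, 1480, True),
        Frag("192.0.2.11", 9, 1480, 1480, True),
    ]
    # Pattern from the article: 8-byte fragments, scattered offsets, MF always set.
    for i in range(200):
        sample.append(Frag("198.51.100.7", 77, (i * 37 % 200) * 8, 8, True))
    return sample

if __name__ == "__main__":
    for src, count in suspicious_sources(build_sample()).items():
        print(f"{src}: {count} tiny fragments in never-completed datagrams")
```

The `min_tiny` threshold is a tuning knob: on a real network it would be set against the baseline rate of small fragments seen per source.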

A similar vulnerability was observed in Windows 3.11 and 95, and resulted in a system crash.

The OS developers have already prepared the necessary updates. If a user cannot install the update for some reason, Microsoft recommends disabling packet reassembly with the following console commands:

Netsh int ipv4 set global reassemblylimit=0
Netsh int ipv6 set global reassemblylimit=0

The company warns that these actions can lead to packet loss.

FragmentSmack will have no effect on the Microsoft Azure service: malicious traffic is blocked by external layers of protection for virtual machines.

FragmentSmack is a cross-platform vulnerability. In August 2018, the flaw was found in Linux-based systems with kernel version 3.9 and higher. Developers have already released updates that close this attack vector.

Red Hat Shareholders Approve IBM Business Deal

The $34 billion transaction is scheduled for completion in the second quarter of 2019
18 January 2019

At a recent meeting, Red Hat shareholders approved the terms of the deal to sell Red Hat's business to IBM. Holders of 141 million Red Hat shares voted in favor of the transaction, holders of 181 thousand shares voted against, and holders of 462 thousand shares abstained. This was reported by the News and Observer.

Earlier, in October, the deal was agreed at the level of the boards of directors of Red Hat and IBM. Before the transaction can be completed, approval must still be obtained from the antitrust authorities of the countries in which the companies are registered. The transaction is scheduled for completion in the second quarter of 2019. The transaction is worth approximately $34 billion, at $190 per share (Red Hat shares currently trade at $175, and were at $116 when the transaction was announced).

Recall that after the takeover is completed, Red Hat will continue to operate as a separate unit within the IBM Hybrid Cloud group. IBM will retain the open development model adopted by Red Hat and will continue to support the community that has grown up around Red Hat products. This includes continued participation in the various open source projects that Red Hat has been involved in developing. In addition, IBM and Red Hat will continue to defend the interests of free software, providing patent protection and the ability to use their patents in open source software.