Microsoft released security recommendations regarding the vulnerability called FragmentSmack with the code number CVE-2018-5391. The exploit implements DoS-attacks, allowing an attacker to cause a full load of the CPU, because of which the OS ceases to respond to external influences. Vulnerabilities are affected by all versions of the operating system, starting with Windows 7, not having the latest security updates.
To implement the attack, an attacker sends a stream of eight-byte fragmented IP packets to the victim's computer with a random offset of the fragment. However, the last fragment is not sent. When the system tries to collect information into a single file, the worst case of the algorithm for processing the associated array is implemented. As a result, the load on the central processor reaches 100%. System performance is restored as soon as data flow ceases.
A similar vulnerability was observed in Windows 3.11 and 95, and resulted in a system crash.
The OS developers has already prepared the necessary updates. In case the user for some reason can not make an update, Microsoft recommends that to block the assembly of packages using console commands:
Netsh int ipv4 set global reassemblylimit = 0 Netsh int ipv6 set global reassemblylimit = 0
The company warns that these actions can lead to packet loss.
The Microsoft Azure FragmentSmack service will not have any effect, malicious traffic is blocked by external layers of protection for virtual machines.
FragmentSmack is a cross-platform vulnerability. In August 2018, this exploit was detected in Linux-based systems version 3.9 and higher. Developers have already released updates that eliminate the possibility of attack on this vector.