Microsoft patcht vulnerability that cripples Windows servers

Microsoft released a patch for FragmentSmack. The attack drives the CPU consumption of a Windows system up to 100 percent, so that it no longer responds. The vulnerability is ideal for DDoS attacks on Windows servers.

FragmentSmack (CVE-2018-5391) has been known in the Linux community for a long time and was patched last summer by the Linux Kernel team together with the similar SegmentSmack bug (CVE-2018-5390). Both vulnerabilities allow to provoke excessive resource use on a server by sending custom IP and TCP packets. This makes the bugs particularly suitable for use in DDoS attacks.

The vulnerabilities were discovered by Juha-Matti Tilli of Nokia Labs. At the moment of discovery, the researcher already speculated that the bugs might also affect macOS and Windows. Microsoft confirmed at the end of last week that Windows is indeed vulnerable to FragmentSmack and already made a patch available.

Like Linux, FragmentSmack drives Windows CPU consumption to 100 percent, blocking all system activity until the attacker stops sending manipulated network packets. The risk of a FragmentSmack attack is not so great on desktop systems, but once again on Windows Server. Server administrators should therefore update as soon as possible.

Patch available

Microsoft has made the patch available for all still supported versions of Windows and Windows Server. The code is part of this month’s latest Patch Tuesday update. In a security advisory, Microsoft also provides a number of mitigations to temporarily protect against an attack in the event that the patch cannot be implemented immediately.

Microsoft’s own Azure infrastructure is already resistant to the threat. The company has not yet expressed an opinion on SegmentSmack, but if we are to believe Tilli, it cannot be ruled out that Windows is also vulnerable to this.