Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Security Advisory ADV180022 | Windows Denial of Service Vulnerability

12 Sep 2018   #1
Brink

64-bit Windows 10 Pro
 
 
Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Quote:
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated.

Recommended actions

To protect your system from this vulnerability, Microsoft recommends that you take the following actions:
  1. Register for security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
  2. Test and apply security updates. See the Affected Products table to download and install the updates.
  3. If you cannot apply the security updates immediately, you can apply the workdaround described in FAQ #1.
FAQ

1. What workaround(s) exist for this vulnerability?

The following commands disable packet reassembly. Any out-of-order packets are dropped. There is a potential for packet loss when discarding out-of-order packets. Valid scenarios should not exceed more than 50 out-of-order fragments.

We recommend testing prior to updating production systems.
Code:
Netsh int ipv4 set global reassemblylimit=0
Netsh int ipv6 set global reassemblylimit=0

Further netsh guidance can be found at netsh.

2. Is Azure affected?

Azure fabric layer protections mitigate this vulnerability. This is blocked before traffic reaches Azure VMs.

3. What can I do at the perimeter to block this attack?

Review the perimeter device guidance and modify reassembly packet limits similar to the commands listed in FAQ #1.

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Refer to FAQ #1 for the Workaround for this vulnerability.


Read more: https://portal.msrc.microsoft.com/en...sory/ADV180022


My System SpecsSystem Spec
.
12 Sep 2018   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

So what is the vector here? A carefully crafted web page or some other fetched web service that could do this?

It looks like this also effects Linux doing a Google search for CVE-2018-5391.
My System SpecsSystem Spec
Reply

 Security Advisory ADV180022 | Windows Denial of Service Vulnerability




Thread Tools




Similar help and support threads
Thread Forum
Sumatra PDF Denial Of Service Vulnerability
Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus: From the exploit information at Security Focus:
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:26.
Twitter Facebook Google+