Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated.
Recommended actions
To protect your system from this vulnerability, Microsoft recommends that you take the following actions:
FAQ
- Register for security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
- Test and apply security updates. See the Affected Products table to download and install the updates.
- If you cannot apply the security updates immediately, you can apply the workdaround described in FAQ #1.
1. What workaround(s) exist for this vulnerability?
The following commands disable packet reassembly. Any out-of-order packets are dropped. There is a potential for packet loss when discarding out-of-order packets. Valid scenarios should not exceed more than 50 out-of-order fragments.
We recommend testing prior to updating production systems.
Code:Netsh int ipv4 set global reassemblylimit=0 Netsh int ipv6 set global reassemblylimit=0
Further netsh guidance can be found at netsh.
2. Is Azure affected?
Azure fabric layer protections mitigate this vulnerability. This is blocked before traffic reaches Azure VMs.
3. What can I do at the perimeter to block this attack?
Review the perimeter device guidance and modify reassembly packet limits similar to the commands listed in FAQ #1.
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Refer to FAQ #1 for the Workaround for this vulnerability.
Read more: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180022
My Computer
At a glance
64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
- Computer type
- PC/Desktop
- Computer Manufacturer/Model Number
- Self built custom
- OS
- 64-bit Windows 11 Pro for Workstations
- CPU
- Intel i7-8700K OC'd to 5 GHz
- Motherboard
- ASUS ROG Maximus XI Formula Z390
- Memory
- 64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
- Graphics Card(s)
- ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
- Sound Card
- Integrated
- Monitor(s) Displays
- 2 x Samsung Odyssey G7 27"
- Screen Resolution
- 2560x1440
- Hard Drives
- 1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
- PSU
- Seasonic Prime Titanium 850W
- Case
- Thermaltake Core P3
- Cooling
- Corsair Hydro H115i
- Keyboard
- Logitech wireless K800
- Mouse
- Logitech MX Master 4
- Internet Speed
- 2 Gb/s Download and 100 Mb/s Upload
- Antivirus
- Malwarebyte Anti-Malware Premium
- Browser
- Google Chrome
- Other Info
- Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone