Microsoft Patched FragmentSmack Vulnerability Targeting Windows

This Tuesday, Microsoft September Patch was rolled out containing fixes for a number of security vulnerabilities. While it gained attention due to the patch for the infamous APLC zero-day vulnerability discovered recently, it also fixed a vulnerability that primarily affected Linux. Reportedly, Microsoft also fixed the FragmentSmack vulnerability affecting Windows systems.

FragmentSmack Vulnerability Also Affected Windows

The FragmentSmack vulnerability became known last month since it was discovered to affect the Linux Kernel. The vulnerability gained attention right after another similarly named vulnerability ‘SegmentSmack’ was discovered. Both the vulnerabilities SegmentSmack (CVE-2018–5390) and FragmentSmack (CVE-2018-5391) triggered DoS attacks.

As disclosed earlier, by exploiting these vulnerabilities, an attacker could easily cause a Denial-of-Service (DoS) at the target server by bombarding it with modified data packets. The difference between the two lies in their target – SegmentSmack targeted ongoing TCP sessions with modified data packets, whereas FragmentSmack relied on sending modified IP packets to the IP fragment reassembly. Both the vulnerabilities caused excessive resource usage leading to a denial of service.

Microsoft Already Patched The Vulnerability

The September Patch by Microsoft, along with other fixes, also contained a patch for FragmentSmack. As stated in their advisory ADV180022 about the vulnerability,

“Microsoft is aware of a denial of service vulnerability (named “FragmentSmack” CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated.”

While the vulnerabilities already affected Linux users, their next target included Windows users. The vulnerabilities affected Windows 10, 8.1, 7, Windows Server 2008, Windows Server 2012, and Windows Server 2016.

Microsoft have already released their security update for this vulnerability on September 9, 2018, and also published the advisory. It then merely updated the information whilst releasing the September Patch Bundle. Users should make sure to update their systems so as to stay protected from these vulnerabilities.

Let us know your thoughts about the article in the comment section below.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients