ADV180022 — Windows Denial of Service Vulnerability
Executive Summary
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated. To protect your system from this vulnerability, Microsoft recommends that you take the following actions: 1. What workaround(s) exist for this vulnerability? The following commands disable packet reassembly. Any out-of-order packets are dropped. There is a potential for packet loss when discarding out-of-order packets. Valid scenarios should not exceed more than 50 out-of-order fragments. We recommend testing prior to updating production systems. Further netsh guidance can be found at netsh . 2. Is Azure affected? Azure fabric layer protections mitigate this vulnerability. This is blocked before traffic reaches Azure VMs. 3. What can I do at the perimeter to block this attack? Review the perimeter device guidance and modify reassembly packet limits similar to the commands listed in FAQ #1 .
Overview
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 4457132 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 for x64-based Systems | 4457132 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4457131 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4457131 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4457138 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4457138 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4457142 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4457142 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4457128 (Security Update) |
Important | Denial of Service | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4457128 (Security Update) |
Important | Denial of Service | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 4457144 (Monthly Rollup) 4457145 (Security Only) Important Denial of Service 4343900 Base: N/A Temporal: N/A Vector: N/A Yes None Windows 7 for x64-based Systems Service Pack 1 4457144 (Monthly Rollup) 4457145 (Security Only) Important Denial of Service 4343900 Base: N/A Temporal: N/A Vector: N/A Yes None Windows 8.1 for 32-bit systems 4457129 (Monthly Rollup) 4457143 (Security Only) Important Denial of Service 4343898 Base: N/A Temporal: N/A Vector: N/A Yes None Windows 8.1 for x64-based systems 4457129 (Monthly Rollup) 4457143 (Security Only) Important Denial of Service 4343898 Base: N/A Temporal: N/A Vector: N/A Yes None Windows RT 8.1 | 4457129 (Monthly Rollup) |
Important | Denial of Service | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 4458010 (Monthly Rollup) 4457984 (Security Only) Important Denial of Service Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4458010 (Monthly Rollup) 4457984 (Security Only) Important Denial of Service Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 for Itanium-Based Systems Service Pack 2 4458010 (Monthly Rollup) 4457984 (Security Only) Important Denial of Service Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 for x64-based Systems Service Pack 2 4458010 (Monthly Rollup) 4457984 (Security Only) Important Denial of Service Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4458010 (Monthly Rollup) 4457984 (Security Only) Important Denial of Service Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4457144 (Monthly Rollup) 4457145 (Security Only) Important Denial of Service 4343900 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 R2 for x64-based Systems Service Pack 1 4457144 (Monthly Rollup) 4457145 (Security Only) Important Denial of Service 4343900 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4457144 (Monthly Rollup) 4457145 (Security Only) Important Denial of Service 4343900 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2012 4457135 (Monthly Rollup) 4457140 (Security Only) Important Denial of Service 4343901 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2012 (Server Core installation) 4457135 (Monthly Rollup) 4457140 (Security Only) Important Denial of Service 4343901 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2012 R2 4457129 (Monthly Rollup) 4457143 (Security Only) Important Denial of Service 4343898 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2012 R2 (Server Core installation) 4457129 (Monthly Rollup) 4457143 (Security Only) Important Denial of Service 4343898 Base: N/A Temporal: N/A Vector: N/A Yes None Windows Server 2016 | 4457131 (Security Update) |
Important | Denial of Service | Yes |
| Windows Server 2016 (Server Core installation) | 4457131 (Security Update) |
Important | Denial of Service | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4457142 (Security Update) |
Important | Denial of Service | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4457128 (Security Update) |
Important | Denial of Service | Yes |
Patches
| Article | Type | Restart |
|---|---|---|
4457132 |
Security Update | Yes |
4457131 |
Security Update | Yes |
4457138 |
Security Update | Yes |
4457142 |
Security Update | Yes |
4457128 |
Security Update | Yes |
4457129 |
Monthly Rollup | Yes |
Known Exploits
Acknowledgments
Juha-Matti Tilli of Aalto University Department of Communications and Networking