FragmentSmack is a vulnerability that can serve as the basis for a DDoS attack in which servers are flooded with malformed IP packets. The vulnerability was previously present in Windows servers, but Microsoft has already patched it.
When attacked with malformed IPv4 or IPv6 packets, Windows systems would see their CPU usage climb all the way to 100%, effectively rendering them useless for any kind of work.
A similar vulnerability, SegmentSmack, uses malformed TCP packets, while FragmentSmack uses IP packets to trigger the overload.
Because many DDoS botnets deemed the two vulnerabilities ideal to integrate, numerous Linux distros have hastily applied patches as well. Linux has been known to be vulnerable to FragmentSmack for quite some time; this week the same was confirmed for all variants of Windows Server.
In technical terms, both Linux and Windows servers respond in the same way when targeted by this attack; if unpatched, the CPU usage shoots to 100%, which effectively blocks any activity on the attacked system until the attack is stopped.
Desktop users of Windows should not panic, since being targeted is quite a rare occurrence. However, administrators of Windows-based servers are urged to apply the patch as soon as possible. If you cannot patch right away, the ADV180022 advisory includes some mitigations that will stop FragmentSmack from completely jamming a server.
According to Microsoft, Azure has been made resistant to the threat as well.