Microsoft has announced a new denial of service vulnerability that could disable computers with various versions of Windows, adding that there are no mitigation ways.
Vulnerability affects all versions of them Windows from 7 to 10, including 8.1 RT, 2008 server, 2012 server, 2016 server, and all other versions that have not installed the latest security updates.
Password vulnerability CVE-2018-5391, relates to packet fragmentation, a process that adjusts the packet size to match the recipient's MTU (maximum transmission unit).
IP segregation attacks are a known way of DoS (Denial of Service) attacks where the victim system receives many small IP packets, which need to be reassembled in their original form.
This is a TCP fragmentation attack, also known as Teardrop attack, that prevents the recipient from reassembling the packets. This attack exists from when Windows 3.1 was used, where crash-like operating system.
"The attacker could send many packets of 8 bytes without sending the last packet." So the victim computer, waiting for that last packet to reassemble it, could never complete the process, and "hung up" ».
The reason why the computer stopped responding was because the processor was at its highest level of use, and only returned when the reassembly process was completed or canceled.
Microsoft recommends that all necessary updates be made, and if this is not possible, Microsoft recommends using these two commands.
Netsh int ipv4 set global reassemblylimit = 0 Netsh int ipv6 set global reassemblylimit = 0
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.