Windows Systems Found Vulnerable To FragmentSmack (CVE-2018-5391) Attack

Cyber security has always been on target of cyber criminals and according to a security report this time they have updated an old vulnerability. Denial of service (DoS) is a kind of vulnerability for the older versions of Windows operating system. As reported by cyber security analyst report, this vulnerability is known as FragmentSmack which is very similar to SegmentSmack, a vulnerability of Linux system. Recently Microsoft has published an advisory and alert user’s about a denial-of-service flaw which may attack multiple versions of Windows system and leave them unresponsive. According to the advisory the flaw has attacked almost all the version between Windows 7 to 10. This vulnerability is also known as CVE-2018-5391 and if you are a Windows user then it is not good news for you.

FragmentSmack Flaw Attacks TCP/IP Reassembly Mechanisms

FragmentSmack vulnerability is also known as Teardrop attack which targets the TCP/IP re-fabrication feature. Through this way it stops them from putting together data packets of fragmented. As a consequence, data packets get overlay and they soon swamp the server’s of victim and make them fail. As reported by experts, this attack is because of the vulnerability which usually exist in older versions of Windows operating system like like Windows 3.1, 95 and NT. However this security flaw was believed to be patched by Microsoft but unfortunately it is not true. The vulnerability resurfaced in Windows 7 and vista operating system.

Let’s Have A Glance At Adverse Effect Of FragmentSmack

There are lots of negative impact of this vulnerability on the compromised computer. As mentioned in the Microsoft advisory, cyber criminals can utilize this flaw to send IP fragments of 8-byte size with random starting offsets. It means a system which is under the attack of CVE-2018-5391 can become unresponsive because its CPU power get utilized about 100%. This can also result in crash of installed program as well as the complete operating system. However this activity comes to an end when the attacker stop sending the mutilated IP packets.

The good news is user can protect their Windows system from the attack of this security flaw. To do that it is recommended to utilize the security measures mentioned in the advisory of Microsoft. According to Microsoft user should perform following action to give their system a protection against FragmentSmack (CVE-2018-5391) attack :

  • User’s should register for the security notifications so that they should get alert message
  • Always test your security and apply the latest updates available for your products.

What To Do If Unable To Apply The Security Updates?

If some user’s are unable to apply the security updates or environment prevent them to do that then in such situation Microsoft recommend user’s to follow the comman
d provided by it. Following the command will disable the reassembly of IP packets. Below you can see the command which you should follow to FragmentSmack denial-of-service flaw :

Netsh int ipv4 set global reassemblylimit=0
Netsh int ipv6 set global reassemblylimit=0

Following the above command will remove those packets which are out of order. For an immediate resolution the company also suggest to disable the fragments.

Leave a Reply

Your email address will not be published. Required fields are marked *