Windows 10: Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Brink · Sep 12, 2018

Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated.

Recommended actions

To protect your system from this vulnerability, Microsoft recommends that you take the following actions:

Register for security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Test and apply security updates. See the Affected Products table to download and install the updates.

If you cannot apply the security updates immediately, you can apply the workdaround described in FAQ #1.

FAQ

1. What workaround(s) exist for this vulnerability?

The following commands disable packet reassembly. Any out-of-order packets are dropped. There is a potential for packet loss when discarding out-of-order packets. Valid scenarios should not exceed more than 50 out-of-order fragments.

We recommend testing prior to updating production systems.
Code: Netsh int ipv4 set global reassemblylimit=0 Netsh int ipv6 set global reassemblylimit=0
Click to expand...

Further netsh guidance can be found at netsh.

2. Is Azure affected?

Azure fabric layer protections mitigate this vulnerability. This is blocked before traffic reaches Azure VMs.

3. What can I do at the perimeter to block this attack?

Review the perimeter device guidance and modify reassembly packet limits similar to the commands listed in FAQ #1.

Affected Products

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

Product Platform Article Download Impact Severity Supersedence Windows 10 for 32-bit Systems 4457132 Security Update Denial of Service Important 4343892 Windows 10 for x64-based Systems 4457132 Security Update Denial of Service Important 4343892 Windows 10 Version 1607 for 32-bit Systems 4457131 Security Update Denial of Service Important 4343887 Windows 10 Version 1607 for x64-based Systems 4457131 Security Update Denial of Service Important 4343887 Windows 10 Version 1703 for 32-bit Systems 4457138 Security Update Denial of Service Important 4343885 Windows 10 Version 1703 for x64-based Systems 4457138 Security Update Denial of Service Important 4343885 Windows 10 Version 1709 for 32-bit Systems 4457142 Security Update Denial of Service Important 4343897 Windows 10 Version 1709 for 64-based Systems 4457142 Security Update Denial of Service Important 4343897 Windows 10 Version 1803 for 32-bit Systems 4457128 Security Update Denial of Service Important 4343909 Windows 10 Version 1803 for x64-based Systems 4457128 Security Update Denial of Service Important 4343909 Windows 7 for 32-bit Systems Service Pack 1 4457144 Monthly Rollup Denial of Service Important 4343900 4457145 Security Only Windows 7 for x64-based Systems Service Pack 1 4457144 Monthly Rollup Denial of Service Important 4343900 4457145 Security Only Windows 8.1 for 32-bit systems 4457129 Monthly Rollup Denial of Service Important 4343898 4457143 Security Only Windows 8.1 for x64-based systems 4457129 Monthly Rollup Denial of Service Important 4343898 4457143 Security Only Windows RT 8.1 4457129 Monthly Rollup Denial of Service Important 4343898 Windows Server 2008 for 32-bit Systems Service Pack 2 4458010 Monthly Rollup Denial of Service Important 4457984 Security Only Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4458010 Monthly Rollup Denial of Service Important 4457984 Security Only Windows Server 2008 for Itanium-Based Systems Service Pack 2 4458010 Monthly Rollup Denial of Service Important 4457984 Security Only Windows Server 2008 for x64-based Systems Service Pack 2 4458010 Monthly Rollup Denial of Service Important 4457984 Security Only Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4458010 Monthly Rollup Denial of Service Important 4457984 Security Only Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4457144 Monthly Rollup Denial of Service Important 4343900 4457145 Security Only Windows Server 2008 R2 for x64-based Systems Service Pack 1 4457144 Monthly Rollup Denial of Service Important 4343900 4457145 Security Only Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4457144 Monthly Rollup Denial of Service Important 4343900 4457145 Security Only Windows Server 2012 4457135 Monthly Rollup Denial of Service Important 4343901 4457140 Security Only Windows Server 2012 (Server Core installation) 4457135 Monthly Rollup Denial of Service Important 4343901 4457140 Security Only Windows Server 2012 R2 4457129 Monthly Rollup Denial of Service Important 4343898 4457143 Security Only Windows Server 2012 R2 (Server Core installation) 4457129 Monthly Rollup Denial of Service Important 4343898 4457143 Security Only Windows Server 2016 4457131 Security Update Denial of Service Important 4343887 Windows Server 2016 (Server Core installation) 4457131 Security Update Denial of Service Important 4343887 Windows Server, version 1709 (Server Core Installation) 4457142 Security Update Denial of Service Important 4343897 Windows Server, version 1803 (Server Core Installation) 4457128 Security Update Denial of Service Important 4343909
Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Refer to FAQ #1 for the Workaround for this vulnerability.

Acknowledgements

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.

See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version Date Description 1.0 09/11/2018 Information published. 1.1 09/12/2018 Removed FAQ #3 regarding when the security updates would be available for this vulnerability. The security updates were released on September 9, 2018 at the same time the advisory was published; therefore, the FAQ is not applicable. This is an informational change only. [/quote]
Source: https://portal.msrc.microsoft.com/en...sory/ADV180022

:)

Yukikaze · Sep 12, 2018

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: {{windowTitle}}

Brink · Sep 12, 2018

Intel Puma Chipset Denial of Service Vulnerabilities

[table][tr]Intel ID: INTEL-SA-00097 [/tr] [tr][td]Product family:[/td] [td]Intel® Puma™ 5, 6, and 7 Series[/td] [/tr] [tr][td]Impact of vulnerability:[/td] [td]Denial of Service[/td] [/tr] [tr][td]Severity rating:[/td] [td]Important[/td] [/tr] [tr][td]Original release:[/td] [td]07/31/2018[/td] [/tr] [tr][td]Last revised:[/td] [td]07/31/2018[/td] [/tr] [/table]

Summary:

Firmware in the Intel® Puma™ 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.

Description:

Firmware in the Intel® Puma™ 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.
• High 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products:

Home gateway and cable modem devices provided by internet service providers and retail device manufacturers based on the following products:
• Intel® Puma™ 5 chipset
• Intel® Puma™ 6 SoC
• Intel® Puma™ 7 SoC

Recommendations:

Intel is working with Internet service providers and manufacturers for retail devices to help deliver to affected devices the updated firmware which mitigates these issues.

Acknowledgements:

Intel would like to credit “mackey” for discovery of these issues.

Revision History

[table][tr]Revision Date Description [/tr] [tr][td]1.0[/td] [td]07/31/2018[/td] [td]Initial Release[/td] [/tr] [/table]

CVE Name: CVE-2017-5693
Click to expand...

Source: INTEL-SA-00097

Brink · Sep 12, 2018

Microsoft Security Advisory 4010983

Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service

Executive Summary

Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their applications correctly.

Microsoft is aware of a security vulnerability in the public version of ASP.NET Core MVC 1.1.0 where a malformed HTTP request could lead to a denial of service.

ASP.NET Core is next generation of ASP.NET that provides a familiar and modern framework for web and cloud scenarios, running on top of .NET Core. These products are actively developed by the ASP.NET team in collaboration with a community of open source developers, running on Windows, Mac OS X and Linux. When ASP.NET Core was released, the version number was reset to 1.0.0 to reflect the fact that it is a separate product from its predecessor - ASP.NET.

Developers are advised to update all apps to use package version 1.1.1 or greater.

Mitigating Factors

Only applications targeting ASP.NET Core 1.1.0 are affected. Applications targeting ASP.NET Core 1.0.0, 1.0.1 or 1.02 are not affected.

Affected Software

The vulnerability affects any Microsoft ASP.NET Core project if it uses the following affected package version.

[table][tr][td]Affected package and version[/td] [/tr] [tr][td]Package name[/td] [td]Package version[/td] [/tr] [tr][td]Microsoft.AspNetCore.Mvc.Core[/td] [td]1.1.0[/td] [/tr] [/table]

Advisory FAQ

How do I know if I am affected?

ASP.NET Core has two different types of dependencies, direct and transitive. If your project has a direct or transitive dependency on Microsoft.AspNetCore.Mvc.Core version 1.1.0 you are affected.

.NET Core Project formats

.NET Core has two different project file formats, depending on what software created the project.

project.json is the original format, included in .NET Core 1.0 and Visual Studio 2015.

csproj is the format used in Visual Studio 2017.

You must ensure you follow the correct update instructions for your project type.

Direct Dependencies

Direct dependencies are dependencies where you specifically add a package to your project. For example, if you add the Microsoft.AspNetCore.Mvc package to your project then you have taken a direct dependency on Microsoft.AspNetCore.Mvc.

Direct dependencies are discoverable by reviewing your project.json or csproj file.

Transitive Dependencies

Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if you add the Microsoft.AspNetCore.Mvc package to your project it depends on the Microsoft.AspNetCore.Mvc.Core package (amongst others). Your project has a direct dependency on Microsoft.AspNetCore.Mvc and a transitive dependency on the Microsoft.AspNetCore.Mvc.Core package.

Transitive dependencies are reviewable in the Visual Studio Solution Explorer window, which supports searching, or by reviewing the project.lock.json file contained in the root directory of your project for project.json projects or the project.assets.json file contained in the obj directory of your project for csproj projects. These files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies.

Any ASP.NET Core MVC 1.1 application will have a dependency on the affected package, either direct or transitive.

How do I fix my affected app?

You will need to fix both direct dependencies and review and fix any transitive dependencies. Version 1.1.1 of the vulnerable package contains the fixes required to secure your app...
Click to expand...

Read more: Microsoft Security Advisory 4010983

Windows 10: Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Security Advisory ADV180022 | Windows Denial of Service Vulnerability - Similar Threads - Security Advisory ADV180022

Intel NUC Firmware Vulnerability Advisory

CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

Intel NUC Vulnerability Advisory

Intel PROSet Wireless Driver Denial of Service Advisory - Feb. 12

Intel Server Boards Firmware Advisory for security vulnerability

Intel RAID Web Server 3 Service Advisory for security vulnerability

Intel NUC Bios Updater Advisory for potential security vulnerability

Intel Puma Chipset Denial of Service Vulnerabilities

Microsoft security advisory: Update for vulnerabilities in Adobe Flash

Users found this page by searching for:

microsoft windows fragmentsmack denial of service vulnerability (adv180022)

ADV180022 CVSS