Windows Packet Fragmentation Handling Denial of Service Vulnerability

Gandalf The White has reported a variant of some known vulnerabilities in Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the processing of fragmented packets. This can be exploited by sending a large number of small fragmented packets where some fragments are missing and then sending the final fragment repeatedly.

Successful exploitation may consume a large amount of CPU resources on a vulnerable system and may cause legitimate fragmented packets to be dropped, if a sufficient amount of attacking systems is used.

Solution: Secunia is currently not aware of a solution.”