Navigation überspringen

Security Bulletin for August 2018

Veröffentlicht am 8 August, 2018

Partner Engineering Manager, Azure CXP

August 14, 2018:

The disclosure known as "FragmentSmack" (CVE-2018-5391) is an IP Denial of Service (DoS) vulnerability that affects Linux systems.  Microsoft cloud customers (Azure and Microsoft 365) are protected from this vulnerability automatically without any customer action required.  As a best practice, customers running Linux-based virtual machines within Azure are always encouraged to apply the latest updates from their respective distributions as they become available. 

For Linux updates on this CVE, please refer to the Linux vendor security channels for your distribution.

​Updated Sept 13, 2018:​ For customers running Windows, please refer to the security advisory bulletin for the current workaround and updates to a mitigation process.

August 6, 2018:

Microsoft is aware of a temporary denial of service (DoS) vulnerability (CVE-2018-5390) affecting the Linux Kernel. Virtual Machines running Linux may be vulnerable. The Azure Host platform remains secure from this vulnerability. We are working with various Linux distributions to ensure that they address this security issue.

For guidance on (CVE-2018-5390) please refer to the Linux vendor security channels for your distribution. To learn more about the vulnerability, please visit Vulnerability Notes Database.

We will continue to update this advisory as additional details become available.