Be Careful of Your UDP Service: Preauth DoS on Windows Deployment Service
a year ago
- #Windows
- #DoS
- #cybersecurity
- Remote memory exhaustion vulnerabilities in critical infrastructure services are understudied but pose significant threats.
- Windows Deployment Service (WDS) is vulnerable to a remote DoS attack via UDP, allowing attackers to crash the system by exhausting memory.
- The attack involves forging fake client IPs and ports to create unlimited sessions, leading to memory exhaustion.
- A proof-of-concept demonstrates the attack's simplicity, requiring no authentication or user interaction.
- Microsoft initially dismissed the bug as moderate, despite its potential to disrupt enterprise networks.
- The vulnerability highlights a broader issue with UDP-based services and the lack of robust defenses against memory exhaustion attacks.
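
The session-per-(IP, port) growth described above is bounded on the server side by capping and expiring session state. The sketch below is an added example, not code from the original write-up or from WDS; the class name, the cap of 1024 sessions and the 30-second idle timeout are assumptions chosen for illustration, and the "datagrams" are constructed in memory rather than read from a socket.

```python
from collections import OrderedDict

class BoundedSessionTable:
    """Session state keyed by (client_ip, client_port), with a hard cap."""
    def __init__(self, max_sessions=1024, idle_timeout=30.0):
        self.max_sessions = max_sessions      # assumed limit, tune per service
        self.idle_timeout = idle_timeout      # assumed idle lifetime in seconds
        self._sessions = OrderedDict()        # key -> last_seen, oldest first

    def _expire(self, now):
        # Oldest entries sit at the front, so stop at the first live one.
        while self._sessions:
            key, last_seen = next(iter(self._sessions.items()))
            if now - last_seen < self.idle_timeout:
                break
            self._sessions.popitem(last=False)

    def on_datagram(self, src_ip, src_port, now):
        """Return True if the datagram is served, False if it is refused."""
        key = (src_ip, src_port)
        self._expire(now)
        if key in self._sessions:             # known client: refresh and serve
            self._sessions[key] = now
            self._sessions.move_to_end(key)
            return True
        if len(self._sessions) >= self.max_sessions:
            return False                      # refuse new state instead of growing
        self._sessions[key] = now
        return True

    def __len__(self):
        return len(self._sessions)


def simulate(table, packets, start=0.0, step=0.0001):
    """Feed constructed (ip, port) pairs; return (peak_sessions, refused)."""
    peak = refused = 0
    for i, (ip, port) in enumerate(packets):
        if not table.on_datagram(ip, port, start + i * step):
            refused += 1
        peak = max(peak, len(table))
    return peak, refused


# Constructed input: 50,000 datagrams, each claiming a different source address.
SPOOFED = [(f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}", 1024 + i % 60000)
           for i in range(50_000)]
```

A global cap keeps memory bounded, but while the table is full of unverifiable sources, new legitimate clients are refused as well until entries expire; the cap turns a crash into degraded service rather than removing the problem.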