BleepingComputer reports that nearly 300,000 online systems and their networks could be compromised through the novel Loop DoS attack, which involves the exploitation of the UDP implementation flaw, tracked as CVE-2024-2169, to facilitate excessive network traffic.
Such an attack, created by CISPA Helmholtz-Center for Information Security, may not only result in the instability of vulnerable services due to overloading and network outages stemming from targeted denial-of-service attacks but also amplified DoS and DDoS intrusions, according to the Carnegie Mellon CERT Coordination Center. "If two application servers have a vulnerable implementation of said protocol, an attacker can initiate a communication with the first server, spoofing the network address of the second server (victim). In many cases, the first server will respond with an error message to the victim, which will also trigger a similar behavior of another error message back to the first server," said CERT/CC, which urged the immediate application of patches on vulnerable systems, including those by Microsoft, Cisco, and Honeywell.
