CVE-1999-0345 describes a denial of service (DoS) vulnerability known as the Jolt ICMP attack affecting Windows 95 and Windows NT systems. The attack exploits the Internet Control Message Protocol (ICMP), a fundamental network layer protocol used for diagnostic and control purposes. Specifically, the Jolt ICMP attack sends malformed or specially crafted ICMP packets to vulnerable systems, causing them to crash or become unresponsive. This vulnerability arises from inadequate handling of ICMP packets within the affected Windows operating systems, leading to resource exhaustion or system instability. The vulnerability was identified in the late 1990s and primarily impacts legacy Windows platforms that are now obsolete and unsupported. The CVSS score of 5.0 (medium severity) reflects that the attack can be launched remotely over the network without authentication, does not compromise confidentiality or integrity, but causes availability disruption. The affected product field listing FreeBSD versions appears to be a metadata inconsistency, as the vulnerability specifically targets Windows 95 and Windows NT systems. No patches are available for this vulnerability, and there are no known exploits currently active in the wild. Given the age of the affected systems, modern environments are unlikely to be directly impacted unless legacy systems remain in use.

For European organizations, the direct impact of the Jolt ICMP attack today is minimal due to the obsolescence of Windows 95 and Windows NT systems in production environments. However, any legacy infrastructure still running these operating systems could be susceptible to network-based DoS attacks that disrupt availability. This could affect critical legacy applications or industrial control systems that have not been updated. The attack does not compromise data confidentiality or integrity but can cause service outages, potentially impacting business continuity. European organizations with strict uptime requirements or those operating in sectors with legacy technology dependencies (e.g., manufacturing, utilities) should be aware of this risk. Additionally, the vulnerability highlights the importance of network-level protections against malformed ICMP traffic to prevent DoS conditions.

Since no patches are available for this vulnerability, mitigation must focus on network-level controls and system upgrades. European organizations should implement the following specific measures: 1) Block or rate-limit ICMP traffic at network perimeters using firewalls or intrusion prevention systems to prevent malformed ICMP packets from reaching vulnerable hosts. 2) Segregate legacy Windows 95/NT systems on isolated network segments with strict access controls to minimize exposure. 3) Employ network anomaly detection tools to identify unusual ICMP traffic patterns indicative of attack attempts. 4) Plan and execute migration strategies to replace legacy Windows 95 and NT systems with supported, modern operating systems to eliminate the vulnerability entirely. 5) For environments where legacy systems cannot be immediately replaced, consider deploying virtual patching or network-based shields to mitigate attack vectors. 6) Regularly review and update network device configurations to ensure ICMP handling aligns with security best practices.