CVE-2004-0230 TCP Sequence Number Approximation Based Denial of Service
Article ID: 250008


Products

Data Loss Prevention

Issue/Introduction

Does CVE-2004-0230, TCP Sequence Number Approximation Based Denial of Service, affect Data Loss Prevention (DLP)?

Environment

Release: 15.8 MP3
Windows Server 2019 Standard 64-bit version 1809 build 17763

Resolution

Our security team has reviewed CVE-2004-0230 and determined that it does not affect DLP.

Their observation:

  • Modern operating systems use randomized initial sequence numbers, which are difficult to guess, so crafting an RST packet that the receiver will accept is not easy.
  • Typically TCP/IP connections are not long-lived, so an attacker has no chance to guess the sequence number needed for the RST packet.
  • Reset handling is part of the TCP/IP protocol itself; if a spoofed reset ever does succeed, DLP simply drops that connection. This is normal behavior and not a security threat.

LWN provides an excellent explanation: https://lwn.net/Articles/81560/
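To make the first observation concrete, here is an added Python model (not Broadcom or DLP code) of the receiver-side check that decides whether an incoming RST is honored: the original RFC 793 rule accepts any RST whose sequence number falls inside the receive window, while the RFC 5961 rule that modern stacks adopted against this class of issue accepts only an exact match and answers other in-window RSTs with a challenge ACK that a blind sender never sees. All sequence numbers and window sizes below are constructed values.

```python
"""Model of how a TCP receiver validates an incoming RST segment.

Compares the RFC 793 rule (any in-window sequence number resets the
connection) with the RFC 5961 rule that mitigates blind reset attacks such
as CVE-2004-0230. Constructed example; not Broadcom/DLP code.
Arithmetic is modulo 2**32, as in real TCP sequence space.
"""

SEQ_SPACE = 2 ** 32


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with wraparound."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_action_rfc793(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 793 behaviour: every in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_action_rfc5961(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 5961 behaviour: only an exact match resets; an in-window but
    inexact RST is answered with a challenge ACK so the legitimate peer can
    re-send a correct RST, while a spoofed one is effectively ignored."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge_ack"
    return "drop"


def compare_rules(seq: int, rcv_nxt: int, rcv_wnd: int) -> dict:
    """Return both verdicts for one RST, for side-by-side inspection."""
    return {
        "rfc793": rst_action_rfc793(seq, rcv_nxt, rcv_wnd),
        "rfc5961": rst_action_rfc5961(seq, rcv_nxt, rcv_wnd),
    }


if __name__ == "__main__":
    # Constructed connection state: next expected byte 1000, 64 KiB window.
    RCV_NXT, RCV_WND = 1000, 65535
    for candidate in (1000, 5000, 70000):
        print(candidate, compare_rules(candidate, RCV_NXT, RCV_WND))
```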

Overall, the conclusion is that you can lower the severity of this issue and/or set it to ignore.
There is nothing Broadcom can do to remedy the situation.
Any fixes, if any are needed, would have to come from Microsoft for the Windows TCP/IP network stack.