BiosHell

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows


A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low-privileged or a sandboxed application to read and write data to a higher-privileged application.

MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition.

In a nutshell, when you log in to your Windows machine, it starts a CTF monitor service that works as a central authority to handle communications between all clients, which are actually windows for each process running on the same session.

POC Link : https://github.com/taviso/ctftool

Reference Link : https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+(The+Hackers+News+-+Cyber+Security+Blog)&utm_content=FaceBook&fbclid=IwAR2P3wJ-iWLStzuyUoAnsIWVDojE7P-kyUJnnrX0tnOAN-c1DU7KGbDAGGM
