Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,660 posts)
Thu Aug 15, 2019, 10:21 AM Aug 2019

Windows CTF Flaws Enable Attackers to Fully Compromise Systems

Source: Bleeping Computer

Windows CTF Flaws Enable Attackers to Fully Compromise Systems

By Sergiu Gatlan
August 14, 2019 03:48 PM

Several critical design flaws were found by Google Project Zero security researcher Tavis Ormandy in the CTF subsystem (MSCTF) of the Windows Text Services Framework (MSCTF), present in all versions going back as far as Windows XP.

The issues might go even further for Microsoft Offices users since, even though not present in the Windows XP base system, MSCTF would be installed on the system with the productivity suite.

Ormandy says that attackers who are already logged into a Windows system can take advantage of a huge attack surface stemming from MSCTF's design flaws. This could potentially allow them to fully compromise the entire system after exploiting them and gaining SYSTEM privileges.

"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed," added the researcher.

Ormandy also published a video demo on YouTube to show the dangers behind the MSCTF flaws by exploiting the protocol to hijack the Windows LogonUI—program used by the system to show the login screen—to gain SYSTEM privileges in Windows 10.

-snip-


Read more: https://www.bleepingcomputer.com/news/microsoft/windows-ctf-flaws-enable-attackers-to-fully-compromise-systems/


Latest Discussions»Help & Search»Computer Help and Support»Windows CTF Flaws Enable ...