Windows CTF Flaws Enable Attackers to Fully Compromise Systems
Source: Bleeping Computer
By Sergiu Gatlan
August 14, 2019 03:48 PM
Several critical design flaws were found by Google Project Zero security researcher Tavis Ormandy in the CTF subsystem (MSCTF) of the Windows Text Services Framework, present in all versions going back as far as Windows XP.
The issues might go even further for Microsoft Office users since, even though not present in the Windows XP base system, MSCTF would be installed on the system with the productivity suite.
Ormandy says that attackers who are already logged into a Windows system can take advantage of a huge attack surface stemming from MSCTF's design flaws. Exploiting those flaws to gain SYSTEM privileges could potentially allow them to fully compromise the entire system.
"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed," added the researcher.
Ormandy also published a video demo on YouTube to show the dangers behind the MSCTF flaws by exploiting the protocol to hijack the Windows LogonUI program, used by the system to show the login screen, to gain SYSTEM privileges in Windows 10.
-snip-
Read more:
https://www.bleepingcomputer.com/news/microsoft/windows-ctf-flaws-enable-attackers-to-fully-compromise-systems/