| Thread Tools |
15th August 2019, 12:56 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,738
| Big hole found in Microsoft protocol Been there since Windows XP A little known Microsoft protocol, which has been used by all Windows operating systems since Windows XP is insecure and a doodle to exploit. No one really knows what CTF stands for as it does not show up on any Windows documentation. CTF is part of the Windows Text Services Framework (TSF) and is supposed to manage the text shown inside Windows and Windows applications. When users start an app, Windows also starts a CTF client for that app. The CTF client receives instructions from a CTF server about the OS system language and the keyboard input methods. According to Tavis Ormandy, a security researcher with Google's Project Zero elite security team and the one who discovered the buggy protocol, hackers or malware that already have a foothold on a user's computer can use the protocol to take over any app, high-privileged applications, or the entire OS. Currently, there are no patches for these bugs, and a quick fix isn't expected, as the vulnerabilities are deeply ingrained in the protocol and its design. https://fudzilla.com/news/49218-big-...osoft-protocol |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft browsers will disable 20-year-old security protocol | Stefan Mileschin | WebNews | 0 | 17th October 2018 14:10 |
British spooks find hole in Microsoft Defender and Security Essentials | Stefan Mileschin | WebNews | 0 | 11th December 2017 19:26 |
Microsoft finds hole in Chrome | Stefan Mileschin | WebNews | 0 | 28th October 2017 07:51 |
Microsoft patches Google-outed Windows security hole | Stefan Mileschin | WebNews | 0 | 9th November 2016 05:57 |
Black hole found in the internet | Stefan Mileschin | WebNews | 0 | 9th December 2013 07:26 |
Hole found in Android code base | Stefan Mileschin | WebNews | 0 | 5th July 2013 06:48 |
Microsoft plugs USB hole | Stefan Mileschin | WebNews | 0 | 14th March 2013 06:17 |
New Security Hole Found in Wi-Fi Routers: Disable UPnP to Protect Yourself | Stefan Mileschin | WebNews | 0 | 31st January 2013 07:48 |
Huge Hole in Open Source Software Found, Leaves Millions Vulnerable | jmke | WebNews | 1 | 23rd May 2008 22:40 |
Huge Security Hole Found in Symantec Antivirus Software | jmke | WebNews | 0 | 27th May 2006 14:42 |
Thread Tools | |
| |