Unpatched Flaw Affecting All Versions of Windows

Jazzy

From the article:

"A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application.

In a nutshell, when you log in to your Windows machine, it starts a CTF monitor service that works as a central authority to handle communications between all clients, which are actually windows for each process running on the same session.

The researcher has also released a custom open-source "CTF Exploration Tool" on GitHub that he developed and used to discover many critical security issues in the Windows CTF protocol."

More: Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
-------------------
Is this as bad as it seems?
 

psalms91

I have a feeling that to the black hats out there this is old news, but yes, it does seem like it could be bad.
 

Snog

Yes it is (or can be). It WILL be interesting to see how Microsoft handles this.
 

Snog

Looks like it got patched.
Yes, I now see that they did patch it.

But the problem still exists for XP users and most likely won't be corrected. So, the moral here is... if you're an XP user, don't install anything that isn't from a reputable source. And personally, just to be safe, I wouldn't go online with XP.

This is also a heads up for when Windows 7 is EOL in January. If something like this is found in the future, there will be no fix for Windows 7 after January of next year.
 

Mohawk

At least it's not in the way of EternalBlue. Imagine an exploit like that.

I wish people would just move off XP, but I believe a lot of the market share might be China, not sure. Definitely a difficult situation.
 