topic Re: Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows in Tech Talk

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

Caute_cautim — Mon, 09 Oct 2023 09:18:29 GMT

Anyone read this one yet and thought about the implications?

https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

"A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application.

MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition."

This should keep many rather busy sorting this one out.

Regards

Caute_cautim

Re: Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

arctific — Fri, 16 Aug 2019 20:49:13 GMT

Suppose 60% of vulnerabilities spend a fraction of their lifecycle as a zero day exploit. What are the odds we will start finding evidence of historical exploits for this vulnerability.

Re: Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

emb021 — Wed, 28 Aug 2019 18:31:01 GMT

FWIW, the article notes that Microsoft has patched it in this month's (August's?) patch set.

Hopefully we're good.

Re: Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

Dave422537 — Tue, 03 Sep 2019 23:23:50 GMT

I wonder how we could find evidence of usage of this kind of vulnerability, how many applications have stopped working the way they did since the update?

I'm minded of NSAKEY other built in doorways that are not even backdoors, known unknowns

Dave