Anyone read this one yet and thought about the implications?
"A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.
The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application.
MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition."
This should keep many rather busy sorting this one out.
FWIW, the article notes that Microsoft has patched it in this month's (August's?) patch set.
Hopefully we're good.
I wonder how we could find evidence of usage of this kind of vulnerability, how many applications have stopped working the way they did since the update?
I'm minded of NSAKEY other built in doorways that are not even backdoors, known unknowns