Google security researcher has just disclosed details of a 20-year-old high-severity vulnerability affecting all versions of Microsoft Windows. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application. Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC)
Source: https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html