Google Project Zero security researcher Tavis Ormandy found critical design flaws in Windows. The flaws are in the CTF subsystem (MSCTF) of the Windows Text Services Framework, which is present in all versions going back as far as Windows XP. MSCTF's design flaws expose a huge attack surface to attackers who are already logged into a Windows system. By exploiting the flaws, such an attacker could potentially gain SYSTEM privileges and fully compromise the entire system. Microsoft issued a security update, tracked as CVE-2019-1162, to patch one of the issues.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-ctf-flaws-enable-attackers-to-fully-compromise-systems/