Get a Pentest and security assessment of your IT network.

Cyber Security

Windows CTF Flaws Enable Attackers to Fully Compromise Systems

Google Project Zero security researcher Tavis Ormandy found critical design flaws in Windows. The flaws were found in the CTF subsystem (MSCTF) of the Windows Text Services Framework, present in all versions going back as far as Windows XP. Attackers who are already logged into a Windows system can take advantage of a huge attack surface stemming from MSCTF’s design flaws. This could potentially allow them to fully compromise the entire system after exploiting them and gaining SYSTEM privileges. Microsoft issued a security update tracked as CVE-2019-1162 to patch one of the issues.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-ctf-flaws-enable-attackers-to-fully-compromise-systems/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation