Hiding in Plain Site: 20 Year Old Windows Exploit Patched…


August 20, 2019

In the words of the immortal Charlie Brown; good grief.

A Windows exploit that’s been around for almost 20 years was finally patched last week.

Apparently every single version of Windows has had this vulnerability.  The vulnerability is a part of a legacy protocol called CTF. CTF is a part of the Windows Text Services Framework.  CTF is used to control things like keyboard layout, text input methods, etc.

The flaw allows a would-be attacker to compromise an app, like the Notes app for example, and then launch other programs that run CTF. That could potentially include your internet browser.

The flaw was discovered by Tavis Ormandy, a researcher who’s a part of Google’s Project Zero. Ormandy’s been in the news for discovering other major flaws.

Ormandy first reached out to Microsoft regarding the vulnerability in May but the software giant seemed to ignore his findings. After waiting nearly three months for a response Ormandy finally released his findings on his own blog. You can read what he said in depth here.

As I said above, Microsoft did finally release an update that fixes the problem. If you haven’t patched your systems yet we recommend doing so.


Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...