Hiding in Plain Site: 20 Year Old Windows Exploit Patched…

by

August 20, 2019

In the words of the immortal Charlie Brown; good grief.

A Windows exploit that’s been around for almost 20 years was finally patched last week.

Apparently every single version of Windows has had this vulnerability.  The vulnerability is a part of a legacy protocol called CTF. CTF is a part of the Windows Text Services Framework.  CTF is used to control things like keyboard layout, text input methods, etc.

The flaw allows a would-be attacker to compromise an app, like the Notes app for example, and then launch other programs that run CTF. That could potentially include your internet browser.

The flaw was discovered by Tavis Ormandy, a researcher who’s a part of Google’s Project Zero. Ormandy’s been in the news for discovering other major flaws.

Ormandy first reached out to Microsoft regarding the vulnerability in May but the software giant seemed to ignore his findings. After waiting nearly three months for a response Ormandy finally released his findings on his own blog. You can read what he said in depth here.

As I said above, Microsoft did finally release an update that fixes the problem. If you haven’t patched your systems yet we recommend doing so.

 

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...