Home > News content

Microsoft CTF protocol exposed vulnerability affects all systems since the release of Windows XP

via:CnBeta     time:2019/8/14 19:00:42     readed:46

What does CTF stand for? Ormandy didn't find it, it isWindowsPart of the Text Services Framework (TSF), which is used to manage text presentations within Windows or Windows applications. When the user launches an application, Windows will launch a CTF client, which will be from a CTFserverReceive instructions about the operating system language and keyboard input methods. If the operating system input method switches from one language to another, the CTF server notifies all CTF clients to change the language in real time.

The vulnerability is that communication between the CTF server and the client is not secure and does not have proper authentication. An attacker can hijack a CTF session from another application and pretend that the server sends instructions to the client. If the application is running on high privileges, an attacker can control the entire operating system.

The vulnerability affects all versions of Windows since XP, it is not clearMicrosoftWhether or when the patch will be released.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments