Google Discloses 20-Year-Old Unpatched Flaw Affecting All Ver of Windows

[Firefox]

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application.

MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition.

In a nutshell, when you log in to your Windows machine, it starts a CTF monitor service that works as a central authority to handle communications between all clients, which are actually windows for each process running on the same session.

Full Story: https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

[David H. Lipman]

Interesting, Thanx.

[exile360]

I have always and continue to terminate/disable/cripple CTFMON as I have never had any use for it and was always infuriated by the fact that it would always return to memory after being terminated.  In fact, back in the XP days I went as far as replacing the ctfmon.exe executable with a fake/dummy file just to keep it out of memory.  In newer Windows versions (at least in Vista and 7; I don't know about 8/8.1/10) it seems as though ctfmon does not run unless the text to speech functions are enabled/active, though I do recall that it would enable itself whenever Microsoft Office was installed and I believe that in most cases, this is the reason for its presence in memory on most systems because I don't believe it is enabled/active by default otherwise.

[Firefox]

IIRC MS Office uses CTFMON

[exile360]

2 minutes ago, Firefox said:

IIRC MS Office uses CTFMON

I don't know about that.  It never caused any issues when I would break it, and I've been using MS Office 2010 for years now and it hasn't ever installed/enabled CTFMON on my systems (even though I stopped breaking it back in the XP days, specifically because it no longer gets activated in Windows 7, at least it never has for me).  It is used for alternate input methods like text-to-speech, tablet input devices and onscreen keyboards, so if you use such an input device then it's likely best to leave it alone, and I'm sure this is why MS Office would enable it (sometimes, though as I said, it doesn't always) because of Office's speech to text functionality and the like that Microsoft has been building in to MS Office for some time now.

[exile360]

By the way, I found this article on how to disable it.  It's for XP and Vista but it likely applies to more current versions of Windows/Office as well.