Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application.

MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition.

In a nutshell, when you log in to your Windows machine, it starts a CTF monitor service that works as a central authority to handle communications between all clients, which are actually windows for each process running on the same session.

Full Story: https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

I have always and continue to terminate/disable/cripple CTFMON as I have never had any use for it and was always infuriated by the fact that it would always return to memory after being terminated.  In fact, back in the XP days I went as far as replacing the ctfmon.exe executable with a fake/dummy file just to keep it out of memory.  In newer Windows versions (at least in Vista and 7; I don't know about 8/8.1/10) it seems as though ctfmon does not run unless the text to speech functions are enabled/active, though I do recall that it would enable itself whenever Microsoft Office was installed and I believe that in most cases, this is the reason for its presence in memory on most systems because I don't believe it is enabled/active by default otherwise.

2 minutes ago, Firefox said:

IIRC MS Office uses CTFMON

I don't know about that.  It never caused any issues when I would break it, and I've been using MS Office 2010 for years now and it hasn't ever installed/enabled CTFMON on my systems (even though I stopped breaking it back in the XP days, specifically because it no longer gets activated in Windows 7, at least it never has for me).  It is used for alternate input methods like text-to-speech, tablet input devices and onscreen keyboards, so if you use such an input device then it's likely best to leave it alone, and I'm sure this is why MS Office would enable it (sometimes, though as I said, it doesn't always) because of Office's speech-to-text functionality and the like that Microsoft has been building into MS Office for some time now.
