DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
Windows XP-era text services framework bugs can give an attacker full access to your system

Posted on Wednesday, August 14 2019 @ 14:59:25 CEST by

Besides the four wormable Windows vulnerabilities that got patched today, Microsoft also patched a text input vulnerability that could be exploited to gain System-level privileges. The vulnerability, which was discovered by Google Project Zero researcher Tavis Ormandy, resides in the Text Services Framework, a service that handles keyboard layout and text input. This framework has been part of Windows since the Windows XP days and appears to be riddled with security flaws:
"It will come as no surprise that this complex, obscure, legacy protocol is full of memory corruption vulnerabilities," Ormandy said. "Many of the Component Object Model objects simply trust you to marshal pointers across the Advanced Local Procedure Call port, and there is minimal bounds checking or integer overflow checking.

"Some commands require you to own the foreground window or have other similar restrictions, but as you can lie about your thread id, you can simply claim to be that Window's owner and no proof is required."

With this in mind, Ormandy was able to develop a proof-of-concept tool that abused CTF (the Text Services Framework's client-server protocol), via Notepad, to launch a command-line shell with System-level privileges.
Overall, the risk here is limited, as an attacker already needs access to your system before they can exploit this vulnerability to gain full access. Perhaps the most interesting thing is that this privilege escalation flaw has been part of Windows since 2001. More details at The Register.
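The two weaknesses Ormandy names in the quote above, a server that trusts the sizes and offsets the client marshals and does its size arithmetic without overflow checks, are a general pattern in any message parser. The added example below is not Ormandy's code and not the real CTF wire format; it uses a hypothetical length-prefixed record message, constructed here, to show how an unchecked `count * elem_size` wraps in 32-bit arithmetic and slips past a naive bounds check, beside a hardened parser that rejects the same message. The same principle applies to the thread id point in the quote: an identifier carried inside the message is data the client chose, and a server must take caller identity from the transport, never from the payload.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message layout (constructed for this example, not the real
 * CTF protocol): a header describing a run of fixed-size records that follow.
 * Every byte of the message is attacker-controlled. */
typedef struct {
    uint32_t count;      /* number of records the client claims follow       */
    uint32_t elem_size;  /* size of each record the client claims            */
    uint32_t data_off;   /* offset of the records from the start of the message */
} msg_hdr_t;

/* Naive parser: trusts the client's arithmetic. count * elem_size is computed
 * in 32 bits, so a client can pick values that wrap to a tiny total; the size
 * check then passes and the caller receives a record count far beyond the
 * buffer it actually holds. */
static bool parse_naive(const uint8_t *msg, size_t msg_len, size_t *records_out)
{
    if (msg == NULL || msg_len < sizeof(msg_hdr_t)) return false;
    msg_hdr_t h;
    memcpy(&h, msg, sizeof h);
    uint32_t total = h.count * h.elem_size;          /* may wrap around      */
    if (h.data_off + total > msg_len) return false;  /* passes after a wrap  */
    *records_out = h.count;
    return true;
}

/* Hardened parser: validates the offset against the message, rejects a zero
 * element size, and checks the record count with a division so no
 * multiplication can overflow. */
static bool parse_checked(const uint8_t *msg, size_t msg_len, size_t *records_out)
{
    if (msg == NULL || msg_len < sizeof(msg_hdr_t)) return false;
    msg_hdr_t h;
    memcpy(&h, msg, sizeof h);
    if (h.elem_size == 0) return false;                           /* degenerate records */
    if (h.data_off < sizeof(msg_hdr_t) || h.data_off > msg_len)   /* offset must land   */
        return false;                                             /* inside the message */
    size_t avail = msg_len - h.data_off;
    if (h.count > avail / h.elem_size) return false;              /* count*elem_size <= avail, no overflow */
    *records_out = h.count;
    return true;
}

/* Builds a constructed message with the given header fields and payload_len
 * bytes of filler, runs the chosen parser, and returns the record count the
 * parser would hand to its caller, or -1 if the message was rejected. */
long run_parser(bool hardened, uint32_t count, uint32_t elem_size,
                uint32_t data_off, size_t payload_len)
{
    uint8_t buf[64];
    if (payload_len > sizeof buf - sizeof(msg_hdr_t)) return -1;
    msg_hdr_t h = { count, elem_size, data_off };
    memcpy(buf, &h, sizeof h);
    memset(buf + sizeof h, 0xAA, payload_len);         /* constructed filler */
    size_t msg_len = sizeof h + payload_len;

    size_t records = 0;
    bool ok = hardened ? parse_checked(buf, msg_len, &records)
                       : parse_naive(buf, msg_len, &records);
    return ok ? (long)records : -1;
}

int main(void)
{
    /* 0x10000 * 0x10000 wraps to 0 in 32 bits: the naive parser accepts a
     * 16-byte message as holding 65536 records, the hardened one rejects it. */
    printf("naive   : %ld\n", run_parser(false, 0x10000u, 0x10000u, 12, 4));
    printf("hardened: %ld\n", run_parser(true,  0x10000u, 0x10000u, 12, 4));
    /* A well-formed message (2 records of 2 bytes in 4 payload bytes) passes both. */
    printf("well-formed, hardened: %ld\n", run_parser(true, 2, 2, 12, 4));
    return 0;
}
```

The naive check looks reasonable when read in isolation, which is exactly why this class of bug survives in legacy marshaling code; the hardened version moves every trust decision onto values the server itself measured (`msg_len`) rather than values the client supplied.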



The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba