DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
DarkVision Hardware - Daily tech news
August 23, 2019 
Windows XP-era text services framework bugs can give an attacker full access to your system

Posted on Wednesday, August 14 2019 @ 14:59:25 CEST by


Besides the four wormable Windows vulnerabilities that got patched today, Microsoft also patched a text input vulnerability that could be exploited to gain System-level privileges. The vulnerability, which was discovered by Google Project Zero researcher Tavis Ormandy, resides in the Text Services Framework, a service that handles keyboard layout and text input. This framework has been part of Windows since the Windows XP days and appears to be riddled with security flaws:

"It will come as no surprise that this complex, obscure, legacy protocol is full of memory corruption vulnerabilities," Ormandy said. "Many of the Component Object Model objects simply trust you to marshal pointers across the Advanced Local Procedure Call port, and there is minimal bounds checking or integer overflow checking.

"Some commands require you to own the foreground window or have other similar restrictions, but as you can lie about your thread id, you can simply claim to be that Window's owner and no proof is required."

With this in mind, Ormandy was able to develop a proof-of-concept tool that abused CTF, via Notepad, to launch a command-line shell with System-level privileges.

Overall, the risk here is limited, as an attacker already needs access to your system before they can exploit this vulnerability to gain full access. Perhaps the most interesting thing here is that this privilege escalation flaw has been part of Windows since 2001. More details at The Register.



 



 
