Technology

A look at the Windows 10 exploit Google Zero disclosed this week

As you can see, we’re an unprivileged local user who’s not allowed to monkey with things under C:WindowsSystem32. [credit:
Jim Salter ]

On Tuesday, Tavis Ormandy of Google’s Project Zero released an exploit kit called ctftool, which uses and abuses Microsoft’s Text Services Framework in ways that can effectively get anyone root—er, system that is—on any unpatched Windows 10 system they’re able to log in to. The patches for this vulnerability—along with several other serious issues—went out in this week’s Patch Tuesday update.
We independently verified Ormandy’s proof-of-concept, and it’s precisely what it says on the tin: follow the directions and you get an nt authoritysystem privileged command prompt a few seconds later. We also independently verified that applying KB4512508 closed the vulnerability. After applying the August security updates, the exploit no longer works.
The full writeup of Ormandy’s findings is fascinating and incredibly technically detailed. The TL;DR version is that Microsoft’s Text Services Framework, which is used to provide multilingual support and has been in place since Windows XP, includes a library called MSCTF.DLL. (There’s no clear documentation demonstrating what Microsoft intended CTF to stand for, but with the release of this tool, it might as well stand for Capture The Flag.)
Read 7 remaining paragraphs | Comments

Source by [author_name]

Leave your vote

0 points
Upvote Downvote

Related Articles

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.