Skip to main content

A look at the Windows 10 exploit Google Zero disclosed this week

posted onAugust 15, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

On Tuesday, Tavis Ormandy of Google's Project Zero released an exploit kit called ctftool, which uses and abuses Microsoft's Text Services Framework in ways that can effectively get anyone root—er, system that is—on any unpatched Windows 10 system they're able to log in to. The patches for this vulnerability—along with several other serious issues—went out in this week's Patch Tuesday update.

We independently verified Ormandy's proof-of-concept, and it's precisely what it says on the tin: follow the directions and you get an nt authority\system privileged command prompt a few seconds later. We also independently verified that applying KB4512508 closed the vulnerability. After applying the August security updates, the exploit no longer works.

The full writeup of Ormandy's findings is fascinating and incredibly technically detailed. The TL;DR version is that Microsoft's Text Services Framework, which is used to provide multilingual support and has been in place since Windows XP, includes a library called MSCTF.DLL. (There's no clear documentation demonstrating what Microsoft intended CTF to stand for, but with the release of this tool, it might as well stand for Capture The Flag.)

Source

Tags

Security Microsoft

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th