20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users


A newly found bug in a legacy Windows protocol can lead to real-world privilege-escalation attacks. According to a Threatpost article:


“The issue is with an obscure piece of functionality called CTF which is part of the Windows Text Services Framework,” explained Richard Gold, head of security engineering at Digital Shadows, speaking to Threatpost. “Programs running on a Windows machine connect to this CTF service, which manages things like input methods, keyboard layouts, text processing, etc.”


As such, it also can be used as a bridge between different windows on a desktop. In his writeup, Ormandy noted in a blog post on Tuesday, “You might have noticed the ‘ctfmon’ service in Task Manager. It is responsible for notifying applications about changes in keyboard layout or input methods. The kernel forces applications to connect to the ctfmon service when they start, and then exchange messages with other clients and receive notifications from the service.”


In cross-application communication, an authentication mechanism would ordinarily ensure that privileged processes are isolated from unprivileged processes. However, due to a lack of authentication in CTF, an unprivileged program running in one window can use it to connect to a high-privileged program in another, spawning high-privileged processes.


“These various windows can run with different privilege levels, and there should exist some boundaries between the levels,” explained Dustin Childs, manager with Trend Micro’s ZDI, in an email to Threatpost. “Tavis found a way to communicate between various permissions levels through the CTF protocol, which has existed in Windows for some time.”


From a technical perspective, the flaw is being exploited via the Input Method Editor (IME), according to Todd Schell, senior product manager of security for Ivanti.


“When you log into a system using one of the Asian languages, you are set up by the IME with an input profile with enhanced capabilities,” he explained. “This is pretty severe because it bypasses the User Interface Privilege Isolation (UIPI) features of the OS.”




Keith Heilveil
