CTF is a little known Microsoft protocol that exists in Windows XP and is still used today by all versions of Windows.
According to Tavis Ormandy, a security researcher from Google's Project Zero team found that the protocol is buggy, and hackers, or malware, can use it to take full ownership of the victim's computer.
What is CTF?
CTF is unknown. Even Ormandy, a well-known security researcher, couldn't find out what all the Microsoft documents mean.
What Ormandy discovered was that CTF is part of the Windows Text Services (TSF) framework of the system that manages any text that appears in Windows and Windows applications.
When the users they start a application, τα Windows εκκινούν επίσης ένα CTF client for this application. The CTF client is said to receive instructions from a CTF server about the operating system's language and keyboard input methods.
If something changes (for example changing language from Greek to English) the CTF server notifies all CTF clients who then change the language in each Windows application in real time.
So what Ormandy discovered is that communications between CTF servers and CTF clients are not properly encrypted.
Any application, any user - even with sandboxed processes - can be linked to any CTF session.
This way you could log in to someone else's active login and download any application or wait for an Administrator to log in and gain higher privileges.
Attackers can use this gap to steal data from other applications or issue commands in the name of those applications.
If applications run at high privileges, then these actions could allow the attacker to gain full control of the victim's computer.
And according to Ormandy, any Windows application or process can be compromised. Due to the role of the CTF (works in any application or service) there is a CTF process for everything running on a Windows operating system.
To prove the vulnerability, Ormandy created a demo that you can see below:
In addition, the researcher explains precisely in a blog post, the CTF security gap, but also released a tool on GitHub to help other researchers test the protocol.
_________________________
- Dorothy the baby girl who became trendy with tweets from the fridge
- Windows: 40 drivers vulnerable to escalation of privileges
- Nmap 7.80 free Security Scanner for everyone
- PCLinuxOS 2019.08 friendly for Windows friends
