Yesterday, Microsoft pushed this month’s routine cumulative updates to its various products to fix a number of vulnerabilities, but one known security vulnerability remains unpatched. Google’s security lab has therefore disclosed it directly, because the vulnerability has exceeded Google’s fixed disclosure deadline. The flaw lies in Microsoft’s Text Services Framework (TSF) and affects every version of Windows from XP onward.
Google security researcher Taviso published a very detailed research report on the vulnerability on the security blog; Microsoft had been notified of it beforehand. Taviso does not know why Microsoft has not fixed it, and whether the fix is simply too complicated is for now unknown. Under Google’s policy, however, every vulnerability must be fixed within 90 days, plus a 15-day grace period, after which it is disclosed whether or not a fix has shipped. Because Microsoft did not release a security update within that window, Google’s lab has now fully disclosed the vulnerability.
The vulnerable Text Services Framework is mainly responsible for invoking the various input methods and then delivering the entered text to the application window or displaying it. Microsoft uses sandboxing and flow-control technology to isolate applications from one another, and much of the communication between applications is filtered outright. The vulnerability in the Text Services Framework, however, can be used to escalate privileges: through it an ordinary user account can be turned into an administrator account. There is a great deal that can be done with administrator privileges, and an attacker who successfully exploits this vulnerability can effectively take complete control of the system.
The Text Services Framework is a system service that Microsoft developed many years ago. While reverse engineering it, Google’s researchers found many code annotations in the service and speculate that the component was meant to be abandoned but that some of it was retained, all the way up to and including Windows 10. In fact, the earliest Text Services Framework shipped with Microsoft Office XP in 2001 and was not part of the operating system; Microsoft later moved the framework from the application into the operating system and has kept it in every version since.
Source, Image: Google Project Zero