Google Project Zero security researcher Tavis Ormandy team's report , there is a little-known Microsoft vulnerabilities CTF agreement, it is easy to use, has obtained a foothold hackers or malicious programs on the victim computer may be exploited to hijack any Windows application, take over the entire operating system.
CTF represents what Ormandy is not found, it is part of the Windows Text Services Framework (TSF), the system used to display text in the Windows or Windows applications management. When a user launches an application, Windows will start a CTF client, the client will receive instructions about the operating system language and keyboard input method from a CTF server. If the operating system input method to switch from one language to another language, CTF CTF server will notify all clients, change the language in real time.
CTF vulnerabilities that the communication between the server and the client is not safe, no proper authentication. CTF attacker can hijack another application session, masquerading as the server sends instructions to the client. If the application is running on a privilege, an attacker can control the entire operating system.
Vulnerability affects all versions of Windows since XP, Microsoft is unclear whether or when it will release a patch.
