CTF, a little-known Microsoft protocol used by all Windows operating system versions since Windows XP, is insecure and can be exploited easily.
It's extremely unfortunate when this sort of thing happens because it deters users from downloading patches of all sorts - not least of all security patches and Windows Updates from Microsoft.
Just as exploits for Microsoft's BlueKeep bug make it into the wild, the company has announced another set of vulnerabilities in Windows that is equally unsafe - and this time, it also affects Windows 10 systems.
"Customers who have automatic updates enabled are automatically protected by these fixes". These flaws (CVE-2019-1181, 1182, 1222 and 1226) do.
Earlier in May, Microsoft disclosed that it has patched a "wormable" bug, dubbed BlueKeep, in the Remote Desktop Protocol (RDP). Specifically, the component known as CTextFramework (CTF), which dates back all the way to the days of Windows XP.
Ormandy also published a video demo on YouTube to show the dangers behind the MSCTF flaws by exploiting the protocol to hijack the Windows LogonUI (the program used by the system to show the login screen) to gain SYSTEM privileges in Windows 10.
This vulnerability now affects hundreds of millions of computers around the globe.
Windows Protector shared the top spot with F-Secure SAFE, Kaspersky Web Security, and Norton Security; however, Microsoft's software has a substantial benefit over those three: it comes free with Windows 10, while the others are paid-for choices.
"There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled", Pope said. "Successful exploitation would allow an attacker to perform actions on the system using the same permissions as the current user". There are also some related denial-of-service (DoS) bugs patched in Hyper-V.
Enabling NLA adds a layer of protection against these kinds of attacks, but even then, an attacker could still exploit the vulnerabilities; it would just be harder because they would need authentication credentials.
If you are working with Windows-based systems, you should download and install the August Security update.