Hackers take advantage of every security flaw to break into computers, but this time with a major flaw in the Notepad, the road has been paved for them.
A security vacuum was detect in one of the simplest Windows operating system applications, Notepad. According to TechRadar, a security researcher has discovered a computer vulnerability when using a notebook.
Notepad is the most basic application for typing and editing text that lacks a specific format. From this notebook security flaw discovered by Google Project Zero security researcher Tavis Ormandy, hackers can exploit and easily seize entire computers by downloading some malicious code.
This flaw allows hackers to break into even computers running legacy Windows XP.
As TechRadar points out, the flaw is actually due to a weakness in the Windows Text Services Framework.
It deals with text inputs, text processing and keyboard layouts. The security vacuum lies at the heart of this framework, a component known as the CTextFramework.
According to The Register, this component itself has security flaws that ultimately allow hackers to exploit it through programs that are using to type text and interact with it.
In addition, TechRadar points out that research into the notebook’s security flaws shows that it is basically easier to pass security system protocols.
This not only allows hackers to gain access and more, but also enables them to access other computers using the victim’s computer.
Ormandy wrote in a blog post about the extent of the damage caused by the security flaws of the CTextFramework component:
1. There is no access control, and any application and user can connect to any CTF even in the sandbox process.
In fact, users are asked for Thread ID, Processing ID, and HWND, but since this information is not authenticated, it can be false;
2. Hackers can easily introduce themselves instead of the CTF service and access other applications, even system applications, and there is no obstacle to doing so.
Even in the most optimistic way, using CTF can escape the sandbox environment and increase access.
According to TechRadar and ZDNet, Microsoft released patch CVE-2019-1162, known as Patch Tuesday, on Tuesday, August 8 as part of Microsoft’s monthly security updates.
ZDNet reports that this patch is intended to fix all four security flaws.
The Security Flaw in Notepad can get your Windows PC hacked!
The present generation of technology has been particularly concerned over the lack of proper security covers
that ensure that any common device that we use in our day to day life is completely safe.
After the detection of a flaw in the Contacts App of Apple,
here comes another major flaw detected with the Windows PC.
Just like the previous case of any common or so to say basic software app turning sensitive to codes and exposing the whole device along with user account to vulnerabilities,
the present case with Windows PC is associating with a similar basic app- the Notepad.
The threat has been triggered by the platforms most popular app offering which was every time a neglected of its tiny safe cover on the outside.
The App will not only expose the device to threats after the implementation of malicious codes but will also expose important user data loaded
with the private account to the hacker which can be processed against exploiting the user.
The flaw dates back to Windows XP which essentially denotes
that there still could be devices reveal recently into the market which have the same issues to offer.
Google Project Zero expert Tavis Ormandy has reportedly discovered the flaw,
which can expose a wide vulnerability on its part in the Windows Text Services Framework
that has the responsibility to look after the keyboard layouts and text input.
“A COMPONENT WITHIN THE SYSTEM,
CTEXTFRAMEWORK, CAN BE ASKED THROUGH APPS THAT INTERACT WITH IT TO PROCESS SHOWING TEXT ON THE SCREEN.
ORMANDY FOUND THAT THE SECURITY PROTOCOLS GOVERNING THE SYSTEM CAN BE EASILY BYPASSED,
ALLOWING HACKERS TO ESCALATE THEIR ACCESS PRIVILEGES AND GAIN ACCESS TO MULTIPLE SYSTEMS ACROSS THE VICTIM’S DEVICE”.
These are the kind of hidden attack surfaces where bugs last for years,” Ormandy said.
“It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years,
and nobody noticed.”
The flaw is officially knows as CVE-2019-1162, declaring as being patch in Microsoft’s monthly Patch Tuesday security release,
which should be install as soon as possible in the opinion of the tech giant.
What becomes essential as a point to receive optimum attention is the likeness of basic software to provide a connection
to the larger picture of user network which can be hacked by running arbitrary codes in the soft points.
Not every tech company pays close attention to each and every primitive inclusion for the experimentation with codes. Anyways the exposition has always helped the companies to be cautious of their software.