The present generation of technology has been particularly concerned over the lack of proper security covers that ensure that any common device that we use in our day to day life is completely safe. After the detection of a flaw in the Contacts App of Apple, here comes another major flaw detected with the Windows PC.
Just like the previous case of any common or so to say basic software app turning sensitive to codes and exposing the whole device along with user account to vulnerabilities, the present case with Windows PC is associated with a similar basic app- the Notepad. The threat has been triggered by the platforms most popular app offering which was every time a neglected of its tiny safe cover on the outside.
The App will not only expose the device to threats after the implementation of malicious codes but will also expose important user data loaded with the private account to the hacker which can be processed against exploiting the user.
The flaw dates back to Windows XP which essentially denotes that there still could be devices brought recently into the market which have the same issues to offer.
Google Project Zero expert Tavis Ormandy has reportedly discovered the flaw, which can expose a wide vulnerability on its part in the Windows Text Services Framework that has the responsibility to look after the keyboard layouts and text input.
The report by The Register states,
“A component within the system, CTextFramework, can be asked through apps that interact with it to process showing text on the screen. Ormandy found that the security protocols governing the system can be easily bypassed, allowing hackers to escalate their access privileges and gain access to multiple systems across the victim’s device”.
These are the kind of hidden attack surfaces where bugs last for years,” Ormandy said. “It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.”
The flaw is officially known as CVE-2019-1162, declared as being patched in Microsoft’s monthly Patch Tuesday security release, which should be installed as soon as possible in the opinion of the tech giant.
What becomes essential as a point to receive optimum attention is the likeness of basic software to provide a connection to the larger picture of user network which can be hacked by running arbitrary codes in the soft points. Not every tech company pays close attention to each and every primitive inclusion for the experimentation with codes. Anyways the exposition has always helped the companies to be cautious of their software.