Morphisec UTP Solution For Microsoft MSCTF Flaw


Recently Google Project Zero Security researcher Tavis Ormandy found critical flaws in the CTF subsystem of Windows Text Services Framework(MSCTF).

This component is present in all versions of Windows back to Windows XP


The Design Flaws in MSCTF component allows attackers logged into the Windows system to take advantage of the huge attack surface. This could potentially allow the attacker to fully compromise the system post exploitation and gain system privileges.

Attack can be described in a manner that an unprivileged process (low integrity) would not be permitted to write or read data from a high privileged process.

The Flaws in CTF bypass the restrictions and allows an unprivileged process to write to privileged processes.


Exploitation of the flaws can lead to sending commands to elevated command windows, reading passwords out of dialogs, escaping IL/AppContainer sandboxes by sending input to unsandboxed windows, and so on.

The memory corruption flaws found in the CTF protocol can be exploited by attackers in a default configuration, and are not dependent on the Windows language or regional settings.


Morphisec UTP working on Moving Target Defense as a principle can successfully prevent exploitation of the MSCTF Design flaw in Windows systems starting from Windows 7. 


Morphisec UTP solution acts as a Vulnerability Shield protecting assets against exploitation of Critical Vulnerability.

In order to prevent it you should add sihost.exe to the include list and restart the machine (sihost.exe is loaded before the policy modification and is relevant only to Windows 10) - as soon as there will be working RCE for Windows 7 we will update you on which process to add to the list.