Release date:
Updated on:
Affected Systems:
Microsoft Windows 8
Description:
--------------------------------------------------------------------------------
Windows 8 is a revolutionary operating system developed by Microsoft. The Windows input method allows you to use a standard 101-key keyboard to input Chinese and other double-byte languages.
A design vulnerability exists in the input method mechanism provided by Windows 8. Attackers who have access to the computer's physical terminal, or who connect through Terminal Services, may exploit this vulnerability to directly gain administrator privileges on the host.
If an input method is installed in the system, it also appears on the logon screen and the lock screen by default. In these states, the operating system should restrict the functions it offers according to its own running status. However, Windows 8 does not correctly check the logon status of the current system and mistakenly exposes some dangerous functions to users who have not yet logged on. Therefore, a malicious user who can reach the affected system through a physical terminal or a Terminal Services session can use help functions provided by the input method to access system files and programs, bypass the logon authentication mechanism, and directly obtain administrative privileges on the system.
Whether the vulnerability can be exploited depends on the design of the individual input method. Currently, the input methods confirmed to be exploitable include the QQ Pinyin input method.
<* Source: MayBreath
Link:
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:
* Uninstall the affected input methods or other third-party input methods, and use the input methods that come with Windows 8, such as Microsoft Pinyin or Smart ABC.
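
To apply this workaround you first need to know which input methods are installed. The PowerShell script below is an added example, not code from NSFOCUS or Microsoft: it lists the text services registered under HKLM\SOFTWARE\Microsoft\CTF\TIP and flags those whose DLL lies outside %SystemRoot%. Treating such entries as third-party is an assumption of this example, and the output property names are chosen here for illustration.

```powershell
# Added example (not vendor code): inventory registered text services (input
# methods) so third-party ones can be reviewed and uninstalled.
# Assumption: a text service whose DLL is outside %SystemRoot% is third-party.
$tipRoot = 'HKLM:\SOFTWARE\Microsoft\CTF\TIP'
$winDir  = $env:SystemRoot.TrimEnd('\') + '\'

$report = foreach ($tip in Get-ChildItem -LiteralPath $tipRoot -ErrorAction Stop) {
    $clsid = $tip.PSChildName

    # Resolve the COM server DLL that implements this text service.
    $dll = $null
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
        if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
    }

    # Collect human-readable profile names, when the vendor registered any.
    $names = Get-ChildItem -LiteralPath "$tipRoot\$clsid\LanguageProfile" -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $_.GetValue('Description') } |
        Where-Object { $_ } |
        Select-Object -Unique

    # Check the Authenticode signature of the DLL if it exists on disk.
    $sig = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $sig = Get-AuthenticodeSignature -FilePath $dll
    }

    [pscustomobject]@{
        Clsid      = $clsid
        Name       = ($names -join '; ')
        Dll        = $dll
        ThirdParty = [bool]($dll -and -not $dll.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase))
        SigStatus  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Third-party candidates first; review these against the workaround.
$report | Sort-Object ThirdParty -Descending | Format-Table -AutoSize
```

The script only reads the 64-bit registry view when run from a 64-bit shell, so 32-bit text services registered under Wow6432Node are not listed. Files signed only through a Windows catalog can show as NotSigned in older PowerShell versions, so use the signature column as a hint rather than a verdict.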
Vendor patch:
Microsoft
---------
Currently, the vendor has not provided a patch or upgrade. We recommend that users of the software watch the vendor's homepage to obtain the latest version:
http://www.microsoft.com/technet/security/