Source: myhack58 (www.myhack58.com), MYHACK58:62201995540
Author: Anonymous
Published: Aug 17, 2019 - 12:00 a.m.

Microsoft CTF protocol vulnerability alert

EPSS: 0.0004 (Low), percentile 9.5%

On August 13, 2019, Google security researcher Tavis Ormandy published a blog post disclosing a vulnerability in the Windows CTF protocol that has existed for many years.

0x01 Vulnerability details
Google security researcher Tavis Ormandy found design flaws in the Windows Text Services Framework (MSCTF) that have been present since Windows XP. An attacker who is logged on to a Windows system can exploit the vulnerability to obtain SYSTEM privileges. Ormandy also posted a demonstration video on YouTube in which he uses the protocol to hijack LogonUI, the Windows program that displays the login screen, and obtain SYSTEM privileges.
Microsoft has released a security patch, numbered CVE-2019-1162, that addresses a related issue in Windows Advanced Local Procedure Call (ALPC). It is unclear whether patches for other components will be released to fix MSCTF.

0x02 Affected versions
The versions affected by CVE-2019-1162 are as follows:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)

0x03 Remediation recommendations
Exploit code has now been disclosed. 360CERT recommends installing 360 Security Guard (http://weishi.360.cn) for a one-click update. Apply Microsoft Windows updates promptly and keep Windows Automatic Updates turned on; you can also download the package from the reference links and upgrade manually.

0x04 Timeline
2019-08-14 Microsoft publishes its official security bulletin
2019-08-16 360CERT issues this alert

0x05 Reference links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html