Ars Technica

A look at the Windows 10 exploit Google Zero disclosed this week

On Tuesday, Tavis Ormandy of Google’s Project Zero released an exploit kit called ctftool, which uses and abuses Microsoft’s Text Services Framework in ways that can effectively get anyone root—er, ...
Bleeping Computer

Windows CTF Flaws Enable Attackers to Fully Compromise Systems

Several critical design flaws were found by Google Project Zero security researcher Tavis Ormandy in the CTF subsystem (MSCTF) of the Windows Text Services Framework (MSCTF), present in all versions ...