Fortinet Discovers Microsoft Windows Universal Telemetry Client Denial of Service Vulnerability
Fortinet's FortiGuard Labs has discovered a Denial of Service vulnerability in Microsoft Universal Telemetry Client.
Microsoft Universal Telemetry Client (UTC) is a remote procedure call (RPC) service that is used to collect telemetry data from Windows 10 to identify security and reliability issues, to analyze and fix software problems, to help improve the quality of Windows and related services, and to make design decisions for future releases.
The Denial of Service vulnerability is caused by insufficient user input validation sent to APIs exposed via UTC RPC interfaces that eventually lead to null pointer dereference. The vulnerability can be triggered by local authenticated user to effectively terminate the service that can normally be done by administrative users.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Nov 14, 2018
Users should apply the solution provided by Microsoft.
Fortinet reported the vulnerability to Microsoft on September 25, 2018.
Microsoft confirmed the vulnerability on October 3, 2018.
Microsoft patched the vulnerability on December 11, 2018.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.