A vulnerability has been reported in Windows, which can be exploited by malicious, local users to terminate certain privileged programs.
The problem is that the "PostThreadMessage" API allows any program to send a "WM_QUIT", "WM_CLOSE", or "WM_DESTROY" message to another program's thread on the same desktop. This can be exploited by unprivileged users to close a personal firewall or other privileged application running on a system without having permissions to do so.
Successful exploitation requires that the program's thread has a message queue, since the "PostThreadMessage" API will fail otherwise.
A PoC (Proof of Concept) exploit is available.
Solution: Grant only trusted users access to systems.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Windows Unauthorised Thread Termination