Fortinet Discovers Microsoft Windows Universal Telemetry Client Denial of Service Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Denial of Service vulnerability in Microsoft Universal Telemetry Client.
Microsoft Universal Telemetry Client (UTC) is a remote procedure call (RPC) service that is used to collect telemetry data from Windows 10 to identify security and reliability issues, to analyze and fix software problems, to help improve the quality of Windows and related services, and to make design decisions for future releases.
The Denial of Service vulnerability is caused by insufficient user input validation sent to APIs exposed via UTC RPC interfaces that eventually lead to null pointer dereference. The vulnerability can be triggered by local authenticated user to effectively terminate the service that can normally be done by administrative users.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:MS.RPC.UTC.DoS
Released Nov 14, 2018
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on September 25, 2018.
Microsoft confirmed the vulnerability on October 3, 2018.
Microsoft patched the vulnerability on December 11, 2018.