Zero-Day Advisory

Fortinet Discovers Microsoft Windows Universal Telemetry Client Denial of Service Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered a Denial of Service vulnerability in the Microsoft Universal Telemetry Client.


Microsoft Universal Telemetry Client (UTC) is a remote procedure call (RPC) service that is used to collect telemetry data from Windows 10 to identify security and reliability issues, to analyze and fix software problems, to help improve the quality of Windows and related services, and to make design decisions for future releases.


The Denial of Service vulnerability is caused by insufficient validation of user input sent to APIs exposed via UTC RPC interfaces, which eventually leads to a null pointer dereference. The vulnerability can be triggered by a local authenticated user to effectively terminate the service, an action that can normally be done by administrative users.


Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

MS.RPC.UTC.DoS
Released Nov 14, 2018

Users should apply the solution provided by Microsoft.

Timeline

Fortinet reported the vulnerability to Microsoft on September 25, 2018.

Microsoft confirmed the vulnerability on October 3, 2018.

Microsoft patched the vulnerability on December 11, 2018.

Acknowledgement

This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.