Several critical design flaws were found by Google Project Zero security researcher Tavis Ormandy in the CTF subsystem (MSCTF) of the Windows Text Services Framework (MSCTF), present in all versions going back as far as Windows XP. […]

from https://www.bleepingcomputer.com/news/microsoft/windows-ctf-flaws-enable-attackers-to-fully-compromise-systems/