DoS Vulnerability found in the New Contact Name Field of Microsoft’s People Application

Microsoft has its own centralized address book that combines all your social calls, communications, and connections into one place under the umbrella of its People app. A denial of service vulnerability has been found in the Microsoft people version 10.1807.2131.0 by LORD on the 4th of September, 2018. This vulnerability was detected and tested on Microsoft’s Windows 10 operating system.

The Microsoft People application on the Windows 8 and 10 desktop operating systems is essentially a contact management database platform dubbed address book. It unites several email accounts and other platforms’ contacts in one place for one click easy access. It incorporates your Apple accounts, Microsoft accounts, Xbox accounts, Google accounts, Skype, and much more all in one place so that you can connect to the people you want to instantly.

The smart application also merges contacts from different platforms for wholesome contact cards containing all the information you have about a particular person. The application lets you track your emails and calendars, connecting it with your people of interest.

The denial of service crash occurs in this application when the python exploit code is run, and a crash-inducing code is pasted into the application. To do this, you must copy the content of the “poc.txt” text file containing this code and launch the people application. Inside the application, click on “new contact (+)” and paste the code copied onto your clipboard in the name field. Once you save this contact, the application crashes with a denial of service.

A CVE identification label has not been assigned to this vulnerability yet. There is no information on whether the vendor has acknowledged this vulnerability yet, either, or whether Microsoft even plans to release an update to mitigate this vulnerability. Given the details of the vulnerability, though, I believe that the exploit most likely falls at around a 4 rating on the CVSS 3.0 scale, compromising only availability of the program, making it a lesser concern without warrant for a whole update to fix this on its own.

Aaron Michael
Aaron Micheal is an electrical engineer by profession and a hard-core gamer by passion. His exceptional experience with computer hardware and profound knowledge in gaming makes him a very competent writer. What makes him unique is his growing interest in the state of the art technologies that motivates him to learn, adopt, and integrate latest techniques into his work.

Expert Tip

DoS Vulnerability found in the New Contact Name Field of Microsoft’s People Application

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested