Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions
#1
Quote:A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
 
The flaw can be exploited to bypass the lock screen of a Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.
 
The issue is now tracked as CVE-2019-9510 and is described as an authentication bypass using an alternate path or channel.
 
An advisory today from the CERT Coordination Center at the Carnegie Mellon University Software Engineering Institute (SEI), warns that session locking can behave in an unexpected way on the latest Windows systems where remote desktop sessions use NLA.
 
Even if a user specifically locks a Windows machine during an RDP session, if the session is temporarily disconnected, automatic reconnection restores the session to an unlocked state, "regardless of how the remote system was left." This affects Windows 10 starting version 1803 and Server 2019 or newer.

SOURCE: https://www.bleepingcomputer.com/news/se...-sessions/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>