Monday, May 5, 2025
HomeComputer SecurityNew RDP Zero-Day Bug Let Hackers to Bypass the Windows Lock Screen...

New RDP Zero-Day Bug Let Hackers to Bypass the Windows Lock Screen on Remote Desktop Sessions

Published on

SIEM as a Service

Follow Us on Google News

A new Zero-day vulnerability in Microsoft Windows Remote Desktop protocol let attackers hijack the lock screen on remote desktop sessions.

Security researcher Joe Tammariello of Carnegie Mellon University discovered a Zero-day vulnerability in Microsoft Windows Remote Desktop that handles client authentication through NLA.

Network Level Authentication (NLA) is an authentication method used to enhance RD Session Host server security, by authenticating the user before establishing the RD connection and the Windows lock screen appears.

- Advertisement - Google News

Microsoft recommended enabling NLA to defend against the critical BlueKeep RDP vulnerability(CVE-2019-0708).

The vulnerability affects Windows versions Windows 10 1803 and Windows Server 2019; it can be tracked as CVE-2019-9510 and assigned CVE score of 4.6.

“If a network anomaly triggers a temporary RDP disconnect, upon automatic reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left,” explained Will Dormann.

Attack Scenario

1. The user connects to remote Windows 10 1803 or Server 2019 or newer system using RDP.
2. User locks remote desktop session.
3. User leaves the connected system used as an RDP client unattended.

In this case, an attacker could interrupt the network connectivity of the RDP client system, which let hackers gain access to the targeted system without requiring any credentials.

“Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism.”

Mitigations

  • Users are recommended to lock the local computers instead of the remote computer.
  • RDP sessions should be disconnected rather than locked

Tammariello reported the vulnerability to Microsoft, but the tech giant said: “behavior does not meet the Microsoft Security Servicing Criteria for Windows.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Selling SS7 0-Day Exploit on Dark Web for $5,000

A newly discovered dark web listing claims to sell a critical SS7 protocol exploit...

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, a small e-commerce store dealing in handmade home décor, became the latest...

MediaTek Fixes Multiple Security Flaws in Smartphone, Tablet, and TV Chipsets

MediaTek, a leading provider of chipset technology for smartphones, tablets, AIoT, and smart TVs,...

xAI Developer Accidentally Leaks API Key Granting Access to SpaceX, Tesla, and X LLMs

An employee at Elon Musk’s artificial intelligence venture, xAI, inadvertently disclosed a sensitive API...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Selling SS7 0-Day Exploit on Dark Web for $5,000

A newly discovered dark web listing claims to sell a critical SS7 protocol exploit...

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, a small e-commerce store dealing in handmade home décor, became the latest...

MediaTek Fixes Multiple Security Flaws in Smartphone, Tablet, and TV Chipsets

MediaTek, a leading provider of chipset technology for smartphones, tablets, AIoT, and smart TVs,...