A new Zero-day vulnerability in Microsoft Windows Remote Desktop protocol let attackers hijack the lock screen on remote desktop sessions.
Security researcher Joe Tammariello of Carnegie Mellon University discovered a Zero-day vulnerability in Microsoft Windows Remote Desktop that handles client authentication through NLA.
Network Level Authentication (NLA) is an authentication method used to enhance RD Session Host server security, by authenticating the user before establishing the RD connection and the Windows lock screen appears.
Microsoft recommended enabling NLA to defend against the critical BlueKeep RDP vulnerability(CVE-2019-0708).
The vulnerability affects Windows versions Windows 10 1803 and Windows Server 2019; it can be tracked as CVE-2019-9510 and assigned CVE score of 4.6.
“If a network anomaly triggers a temporary RDP disconnect, upon automatic reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left,” explained Will Dormann.
1. The user connects to remote Windows 10 1803 or Server 2019 or newer system using RDP.
2. User locks remote desktop session.
3. User leaves the connected system used as an RDP client unattended.
In this case, an attacker could interrupt the network connectivity of the RDP client system, which let hackers gain access to the targeted system without requiring any credentials.
“Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism.”
Tammariello reported the vulnerability to Microsoft, but the tech giant said: “behavior does not meet the Microsoft Security Servicing Criteria for Windows.”
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself updated.
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…