Discovery of a zero-day vulnerability in Windows Remote Desktop Management.

Des experts en sécurité viennent d’annoncer la découverte d’une vulnérabilité de niveau zero-day.

This vulnerability allows attackers to hijack Windows sessions. CVE-2019-9510 a was discovered by Joe Tammariello the SEI of Carnegie Mellon University. He received a severity score 4,6 on 10.

Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.

 


Total views 112 (Today 1 )