Discovery of a zero-day flaw in Windows remote desktop management.
Security experts have just announced the discovery of a zero-day vulnerability.
This flaw allows attackers to hijack Windows sessions. CVE-2019-9510 was discovered by Joe Tammariello of SEI at Carnegie Mellon University. It received a severity score of 4.6 out of 10.
Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions
A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.