5/5 - (1 votes)

Discovery of a zero-day flaw in Windows remote desktop management.

Security experts have just announced the discovery of a zero-day vulnerability.

This flaw allows attackers to hijack Windows sessions. CVE-2019-9510a was discovered by Joe Tammariello of SEI at Carnegie Mellon University. It received a severity score of 4,6 out of 10.

Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.

 

About the Author

Back to top