Tagged as CVE-2019-9510, the flaw affects Windows Remote Desktop Protocol NLA, which would allow for attackers to work around the Windows lock screen and gain access without prior approval. Any system running Windows 10 1803 or later can become victim to the vulnerability. Researchers noticed a strange behavior when attempting to lock sessions. Anytime RDP connections were restarted, remote systems with an active Windows lock screen could be bypassed without credentials, even ones that had implemented 2FA. A portion of a security advisory by researchers read, “It is important to note that this vulnerability is with the Microsoft Windows lock screen’s behavior when RDP is being used, and the vulnerability is present when no MFA solutions are installed. While MFA product vendors are affected by this vulnerability, the MFA software vendors are not necessarily at fault for relying on the Windows lock screen to behave as expected.” Microsoft has not yet released a fix for the flaw but there should be more information during this month’s patch Tuesday.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased