Zero-day flaw in Windows allows attackers to hijack remote desktop sessions

A zero-day vulnerability has been found that affects Windows systems with active Remote Desktop Protocol (RDP) sessions. Tracked as CVE-2019-9510, the flaw lies in how Windows RDP Network Level Authentication (NLA) interacts with the lock screen: when a locked RDP session is disconnected by a network interruption and then automatically reconnected, the session is restored without prompting at the lock screen, giving whoever controls the client unauthorized access to the system. Windows 10 (version 1803 or later) and Windows Server 2019 are affected by this authentication bypass flaw.
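One way a defender can hunt for the behaviour described above is to correlate the Windows events that surround it. The script below is an added illustration, not code from the original article or from Microsoft. The event IDs are real (Security 4800 and 4801 are workstation locked and unlocked, and they carry a Session ID; events 24 and 25 in the TerminalServices-LocalSessionManager/Operational channel are session disconnected and session reconnection succeeded), but the flat log-line format, the sample lines and the correlation rule (a reconnect into a session whose last lock-state event was a lock, shortly after a disconnect) are constructed assumptions for the example, and hits are leads to review rather than proof of exploitation:

```python
"""Hunt for RDP session reconnections that may have restored a locked session.

Added illustration, not code from the original article or from Microsoft.
Assumptions: the log-line format is a hypothetical flat export; the rule is a
heuristic, and whether an unlock (4801) is logged after exploitation is not
stated by the article, so hits are leads to review, not proof.
"""
from datetime import datetime, timedelta
import re

# Real Windows event IDs used by the rule:
#   Security 4800 / 4801 : workstation locked / unlocked (carry a Session ID)
#   TerminalServices-LocalSessionManager/Operational 24 / 25 :
#       session disconnected / session reconnection succeeded
LOCKED, UNLOCKED, DISCONNECTED, RECONNECTED = 4800, 4801, 24, 25

# Constructed sample lines (one event per line) in a hypothetical flat format.
# "LSM" abbreviates the TerminalServices-LocalSessionManager/Operational channel.
SAMPLE_LOG = """\
2019-06-04T09:50:00 Security 4800 SessionID=2 User=CONTOSO\\bob
2019-06-04T09:51:00 Security 4801 SessionID=2 User=CONTOSO\\bob
2019-06-04T09:55:00 LSM 24 SessionID=2 User=CONTOSO\\bob
2019-06-04T09:55:20 LSM 25 SessionID=2 User=CONTOSO\\bob
2019-06-04T10:01:00 Security 4800 SessionID=3 User=CONTOSO\\alice
2019-06-04T10:05:00 LSM 24 SessionID=3 User=CONTOSO\\alice
2019-06-04T10:05:30 LSM 25 SessionID=3 User=CONTOSO\\alice
2019-06-04T11:00:00 LSM 25 SessionID=4 User=CONTOSO\\carol
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<channel>Security|LSM) (?P<event_id>\d+) "
    r"SessionID=(?P<session>\d+) User=(?P<user>\S+)$"
)


def parse_log(text):
    """Parse the constructed export format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "channel": m["channel"],
            "event_id": int(m["event_id"]),
            "session": int(m["session"]),
            "user": m["user"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_suspicious_reconnects(events, window=timedelta(minutes=15)):
    """Return (timestamp, session, user) for every reconnection (LSM 25) into a
    session whose most recent lock-state event was a lock (4800 with no later
    4801) and which follows a disconnect (LSM 24) within `window`."""
    lock_state = {}       # session -> True if the last lock-state event was 4800
    last_disconnect = {}  # session -> timestamp of the most recent LSM 24
    hits = []
    for e in events:
        s = e["session"]
        if e["channel"] == "Security" and e["event_id"] == LOCKED:
            lock_state[s] = True
        elif e["channel"] == "Security" and e["event_id"] == UNLOCKED:
            lock_state[s] = False
        elif e["channel"] == "LSM" and e["event_id"] == DISCONNECTED:
            last_disconnect[s] = e["ts"]
        elif e["channel"] == "LSM" and e["event_id"] == RECONNECTED:
            disc = last_disconnect.get(s)
            if lock_state.get(s) and disc is not None and e["ts"] - disc <= window:
                hits.append((e["ts"].isoformat(), s, e["user"]))
    return hits


if __name__ == "__main__":
    for ts, session, user in find_suspicious_reconnects(parse_log(SAMPLE_LOG)):
        print(f"{ts} session {session} ({user}): reconnected while locked; "
              "verify that the lock screen was actually shown")
```

Session 2 (locked, then unlocked before the disconnect) and session 4 (no lock on record) are not flagged; session 3 is, because the only lock-state event before its reconnect was a lock. In a real deployment the Security and LocalSessionManager channels have to be exported with their Session ID fields intact for the join to work.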

Because the lock screen is skipped, two-factor authentication (2FA) mechanisms that hook into it, such as Duo Security's MFA for Windows logon, can also be bypassed. As of now, Microsoft has not provided a security patch to address this zero-day.

An advisory said: “It is important to note that this vulnerability is with the Microsoft Windows lock screen’s behavior when RDP is being used, and the vulnerability is present when no MFA solutions are installed. While MFA product vendors are affected by this vulnerability, the MFA software vendors are not necessarily at fault for relying on the Windows lock screen to behave as expected.”