Profile picture
The Hacker News
@TheHackersNews
, 6 tweets, 4 min read Read on Twitter
New Unpatched Bug Could Allow Client-Side Attackers to Bypass #Windows Lock Screen On RDP Sessions

Read more — thehackernews.com/2019/06/rdp-wi…

All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear
Starting with Windows 10 1803 and #Windows Server 2019, this flaw exists when login over #RDP requires the clients to authenticate with Network Level Authentication, an option that #Microsoft recently recommended as a workaround against the critical #BlueKeep RDP vulnerability.
Moreover...

"Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism. Any login banners enforced by an organization will also be bypassed." @wdormann confirmed.
Joe Tammariello, who discovered this issue, notified Microsoft of the #vulnerability on April 19, but the company said the "behavior does not meet the Microsoft Security Servicing Criteria for Windows."

thehackernews.com/2019/06/rdp-wi…

Expect no patch for Lock Screen bypass anytime soon
Client users can protect their RDP sessions against potential exploitation of this vulnerability by simply locking their local system instead of the remote system, or both, while leaving the system unattended and also by disconnecting RDP sessions instead of just locking them.
We have just added a video demonstration for the latest unpatched "Windows Lock Screen bypass on RDP Session" vulnerability (CVE-2019-9510)

Watch >> thehackernews.com/2019/06/rdp-wi…

Video courtesy of @LeandroNVelasco from KPN Security Research Team.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to The Hacker News
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Windows #RDP #Microsoft #BlueKeep #vulnerability

More from @TheHackersNews see all

Profile picture
The Hacker News
@TheHackersNews
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites

(story coming shortly, stay tuned)
[ROUND 4] List of breached sites:

1) Youthmanual — Indonesian college and career platform
2) GameSalad — Online learning platform
3) Bukalapak — Online Shopping Site
4) Lifebear — Japanese Online Notebook
5) EstanteVirtual — Online Bookstore
6) Coubic — Appointment Scheduling
[Story] Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On the Dark Web

thehackernews.com/2019/03/data-b…

If you have an account with any of the above-listed sites, you should change your passwords immediately and also on other services if you re-use the same password.
Read 8 tweets
Profile picture
The Hacker News
@TheHackersNews
We all love your media player, but that’s really rude #VLC 🙄

VLC developers refused to consider #software "update-over-HTTP" as a threat.

Responded→ “no threat model. no proof. no #security bug"

It wouldn't hurt if you simply consider the suggestion.

trac.videolan.org/vlc/ticket/217…
Though VLC updates are "signed and authenticated with OpenPGP," as developers said, adding an inexpensive but an important extra later of security is a considerable suggestion.
Yes, absolutely. But Looking at your software' popularity and the user base, adding another "easy to implement" second-factor authentication is not a bad idea. Or is it?

Read 3 tweets

Related threads

Profile picture
Cigman Freud ❌ Certifies Trump
@Cigarvolante
@cspanwj #PatriotsFight #TraitorsJustice #QAnon #WeAreTheNewsNow

June 6, 2019
Wreck the Electoral College, Destroy the Country
By David Horowitz

Read more: americanthinker.com/articles/2019/…
Follow us: @AmericanThinker on Twitter | AmericanThinker on Facebook
@cspanwj #PatriotsFight #TraitorsJustice #QAnon #WeAreTheNewsNow

DEMS (abetted by some deviant Republicans) have been working on a plan that would destroy the diversity of the American political system and bring the nation to the brink of civil war.
@cspanwj
In the name of “democracy,” it proposes to circumvent the Constitution and its requirement of large national majorities for amending what has been the fundamental law of the land.
Read 5 tweets
Profile picture
Montana 🕊Agent Applebutt
@_Montana_Bound_
4/28/2019 Thread: (1) Topic ~
“New York Times Issues Death Warrant For Trump And American Jews—California Madman Responds”

Ex-New York Times editor Jill Abramson rips paper's 'unmistakably anti-Trump' bias
washingtontimes.com/news/2019/jan/…
(1-A) The centuries may change, but The New York Times has not forgotten its anti-semitic roots.

The New York Times' first article about Hitler's rise is absolutely stunning (READ)
vox.com/2015/2/11/8016…
(1-B) ‘Despicable’ – New York Times apologizes for ‘flagrantly anti-Semitic’ cartoon
rt.com/usa/457732-new…

Trump: The first Jewish President of the United States
blogs.timesofisrael.com/trump-the-firs…

Israelis Love Trump More Than Almost Any Other Nation, Poll Shows
haaretz.com/israel-news/.p…
Read 20 tweets
Profile picture
GreatGameIndia
@GreatGameIndia
#MissionShakti - India's anti-satellite missile test - where we identify the satellite used during the test as well as address the multi-national meeting going on in Geneva on Militarization of Space & India's pre-emptive test to thwart any possible bans.
greatgameindia.com/mission-shakti…
Was #MissionShakti a defiant preemptive strike to thwart any attempts to ban testing of space-conflict weaponry that may result from ongoing 25 nations meet in Geneva on Militarisation of Space to be concluded today in the backdrop of India's #ASAT test?
greatgameindia.com/mission-shakti…
In the case of #MissionShakti, because of the low altitude of less than 300 km of the target satellite #MICROSATR, the debris threat will be limited. While space debris has become a bone of contention at the Geneva meet, we present here the actual figires.
greatgameindia.com/mission-shakti…
Read 25 tweets
Profile picture
2Miners
@pool2miners
Today we will discuss the 51% attacks, which is particularly relevant in light of the issues happened this year with #clo, #etc and #moac.
#51attacks #cryptomythbusters
👇
Many #cryptocurrency “experts” believe that if a user has more than a 51% of the network hash rate, he can do whatever he wants, such as going on a spending spree. But in reality, it’s much different.
Let’s say a miner owns 60% of the network hash rate. This lets him “hold” his blocks and not send them to the network. Instead, he continues mining his own chain by himself. Over a certain period of time, the miner is very likely to create more blocks than the rest of the network
Read 13 tweets
Profile picture
Q17 TRUMP 2020 ❤❤🇺🇸🇺🇸
@DrSesus8091
NEW Q THREAD
#MLKDay
#MLK
#MLK2019
RACISM AND SEGREGATION DONE BY DEMOCRATS .. PERIOD.
#FakeNewsMedia pushes it.
All hate Groups and ties
KKK
Black Panthers
Illuminati
Masons
JESUITS
ANTIFA
NAZI
LUCIFERIANS
SATANISM
BLM
and more
SECRET SOCIETIES
Hillary Clinton kisses Dragon KKK leader Robert Byrd. Snopes a fake website endorsed by elites and tech companies as factual website has lawsuits upon them. They are white racist mean people. White Supremacy words come, antisemitism n more
KKK
Dec 24 1865
In Pulaski, Tennessee, a group of Confederate veterans convenes to form a secret society that they christen the “Ku Klux Klan.” The KKK rapidly grew from a secret social fraternity to a paramilitary force.....
google.com/amp/s/www.hist…
Read 142 tweets
Profile picture
Q17.Punisher 💀 2019
@DrSesus8091
New Thread of 911 Files
@madmandave1011
@fedupwarriorq17

911 files of #DarkOverlord
Second cache of 9/11 docs released by The Dark Overlord hackers rt.com/usa/448416-hac…#september11 #DarkOverlord #TheDarkOverlord #ITsec #ITsecurity #IsraelDid911
According to @Forbes, the cybercrime group known as #TheDarkOverlord has acquired 18,000 documents, many of which are related to the 9/11 events, and are demanding #bitcoin ransom in return for the data. #DarkOverlord
forbes.com/sites/thomasbr…
Read 24 tweets

Trending hashtags

#HarleyRouda #Prayagraj #Russia #America #MauniAmawasya #BLOCKv #coup #JuanGuaido #contentmoderation #Yemenis #Security #SmearCampaign #wind #IStandWithGenFlynn #WhenWeFightWeWin #muniland #911hack #QPOSTS #RegimeChangeDeluxe #911leak #technology #KumbhMela2019 #Mafuro #OTC #Ethereum
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!