Home > News content

Microsoft Denies Network Authentication Vulnerabilities in Windows Remote Desktop: This is a feature

via:cnBeta.COM     time:2019/6/8 8:44:47     readed:254

(Screenshot viaMSPU)

The problem is, in the latestWindowsIn 10 1903 (updated in May 2019), the working principle of NLA has changed.NakedSecurityIt is pointed out that:

The new authentication mechanism caches the client's login credentials on the RDP host so that the client can login again quickly when it loses connection. This change allows the attacker to bypass the Windows lock screen.

In this regard, NakedSecurity has issued a warning to the computer Emergency response team (CERT / CC), which is already in a security bulletin (VU#)Five hundred and seventy-six thousand six hundred and eighty-eight) Detailed introduction is given.

Affected by this, the reconnected RDP session will be restored to the login interface rather than left on the login screen, which means that the remote system can be unlocked without manually entering any credentials.


(Figure from: CERT)

Worse still,This vulnerability allows an attacker to bypass multiple factor authentication (MFA) systems whileMicrosoftHowever, it is regarded as a special RDP function.The company responded:

After investigation, we believe that this is in line with Microsoft's Windows Security Service Standard. This example refers to the Network-Level Authentication (NLA) supported by Windows Server 2019.

NLA will request user information early in the connection and use the same identity credentials when the user enters the session (or reconnects).

As long as it is connected, the client caches the credentials and calls them when it needs to reconnect automatically (thus bypassing NLA).

CERT points out that:Since Microsoft only acknowledges that this is a feature, not a bug, it means that it will not provide any fixes soon.It is recommended that users try to use the lock screen mechanism of local machines (rather than remote desktop connections).

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments